A Study on Screen Logging Risks of Secure Keyboards of Android Financial Apps

Published: 01 Jan 2022, Last Modified: 10 Nov 2023. SANER 2022. Readers: Everyone
Abstract: To protect users' property, financial applications require special security guarantees. Specifically, to prevent the theft of users' passwords, many financial apps provide their own secure keyboards. However, password compromise is still possible if the secure keyboard is not implemented properly, putting the user's property at risk. In this paper, we focus on investigating the secure keyboards of Android financial apps and their risks under screenloggers. We conducted a study on 428 financial apps downloaded from Huawei App Store, Google Play, Wandoujia and Xiaomi GetApps. Our study shows that the state of secure keyboards in financial apps is not encouraging. We find that only 161 apps (37.6%) provide app-specific secure keyboard implementations, and the keyboards provided by 60 apps are not secure under screenlogger attacks. Specifically, the fundamental causes of all studied insecure keyboards can be attributed to inappropriate settings of the secure flag of the window or surface that renders the secure keyboard or its feedback animation.
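
The root cause named in the abstract, shown from the defender's side as an added example (not code from the paper or from any studied app). The class name is hypothetical, and the layout is an assumption: the keyboard is hosted in its own `Dialog` and its key-press feedback is drawn on a `SurfaceView`.

```java
import android.app.Activity;
import android.app.Dialog;
import android.os.Bundle;
import android.view.SurfaceView;
import android.view.Window;
import android.view.WindowManager;
import android.widget.Button;
import android.widget.EditText;
import android.widget.FrameLayout;

// Hypothetical activity written for illustration only.
public class PinEntryActivity extends Activity {

    // Marks one window as secure so its content is excluded from
    // screenshots and screen recording.
    private static void markSecure(Window window) {
        if (window != null) {
            window.setFlags(WindowManager.LayoutParams.FLAG_SECURE,
                            WindowManager.LayoutParams.FLAG_SECURE);
        }
    }

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        markSecure(getWindow());          // window holding the password field
        EditText password = new EditText(this);
        password.setShowSoftInputOnFocus(false); // app keyboard, not the IME
        password.setOnClickListener(v -> showSecureKeyboard());
        setContentView(password);
    }

    // Assumption: the keyboard lives in a Dialog. A Dialog owns a separate
    // Window, and the activity's FLAG_SECURE does not carry over to it.
    private void showSecureKeyboard() {
        Dialog keyboard = new Dialog(this);
        markSecure(keyboard.getWindow()); // set before show()

        // Assumption: feedback animation is rendered on a SurfaceView.
        // Set the secure property on the surface itself as well; this must
        // happen before the view's containing window is attached.
        SurfaceView feedback = new SurfaceView(this);
        feedback.setSecure(true);

        FrameLayout root = new FrameLayout(this);
        root.addView(feedback);
        root.addView(new Button(this));   // stands in for the key grid
        keyboard.setContentView(root);
        keyboard.show();
    }
}
```

When reviewing an app, check every window and surface that can show a key or its press feedback, since each one carries its own secure setting.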