Implication of Animation on Android Security.

IEEE International Conference on Distributed Computing Systems (ICDCS) (2022)

Abstract
We find that seemingly innocuous animations widely used in Android can pose great threats to user security and privacy. Both entrance and exit animations can be exploited. In our draw-and-destroy overlay attack, a malicious app periodically draws and destroys transparent UI-intercepting overlays, which can be put over victim apps to intercept user inputs stealthily. Although Android is patched to show alerts if there is an overlay over an app, quickly drawing and destroying malicious overlays can exploit the slow-in animation of the notification alert view and suppress the alert. In our draw-and-destroy toast attack, a malicious app periodically creates a new customized toast over a victim app before the previously customized toast disappears. This attack exploits the fade-out animation of the toast so that transition between two successive toasts cannot be observed. The two draw-and-destroy attacks can be building blocks of other attacks. We particularly study the password-stealing attack given its severe consequence, in which the draw-and-destroy toast attack displays a fake keyboard over the original keyboard and the draw-and-destroy overlay attack places transparent overlays over the fake keyboard to intercept user inputs. Extensive real-world experiments are conducted to validate the feasibility and effectiveness of the attacks. We also discuss defense measures mitigating the attacks. We are the first to discover the security implications of animation on Android security.
Keywords
Android security, animation