On Android'S Activity Hijacking Prevention

Android task and hijacking attacks can have a high impact on end users' data confidentiality, since malicious applications exploiting such a threat can deceive end users and gain access to sensitive data silently. We believe that these threats are of high importance and thus in this paper we study them thoroughly through a tool capable to identify specific configurations that an application may be vulnerable. Furthermore, we propose an operating system level defense mechanism that controls the access to applications' activities and is transparent to both end users and developers by leveraging on their built-in signatures. We demonstrate, through the tool that we have developed, different vulnerable configurations, while we evaluate the effectiveness of the proposed defense mechanism. Results have proved that the proposed solution does not affect Android's task management and that end user suffer only negligible execution overhead. (c) 2021 Elsevier Ltd. All rights reserved.