||In recent years, the Android Component Hijacking Vulnerabilities are widely discussed. This kind of vulnerabilities may cause tremendous problem in the system. If any of the Android Components has been hijacked, it may disclose user’s personal information or private data to the attacker. To be more precisely, those attacks will redirect or hijack the Android Component’s original workflow to malicious code or even to the extent that execute a malware.|
One of the Android Components is Activity, it construct the UI frames for the user. In this paper, we focus on Activity Hijacking Attacks. As the name implies, Activity Hijacking Attacks is to hijack the original activity workflow while users are using. We construct our solution in Android framework called AHA to keep track of every activity workflow and knowing the layout about the activity.
Our solution AHA can stop the attack which using the Activity Hijacking Attacks to steal user’s personal information. Furthermore, AHA can easily patched into existing Android system and with ignorable overhead.
|| I. D. Corporation. Worldwide Quarterly Mobile Phone Tracker. Available: http://www.idc.com/getdoc.jsp?containerId=prUS25450615|
 Google Play. Available: https://play.google.com/store?hl=zh_TW
 E. Owusu, J. Han, S. Das, A. Perrig, and J. Zhang, "ACCessory: password inference using accelerometers on smartphones," in Proceedings of the Twelfth Workshop on Mobile Computing Systems & Applications, 2012, p. 9.
 C.-C. Lin, H. Li, X. Zhou, and X. Wang, "Screenmilker: How to milk your android screen for secrets," in 21st Annual Network and Distributed System Security Symposium (NDSS), San Diego, California, USA, 2014.
 L. Cai and H. Chen, "TouchLogger: Inferring Keystrokes on Touch Screen from Smartphone Motion," in HotSec, 2011.
 S. Schulte. TWSL2011-008: Focus Stealing Vulnerability in Android Available: https://www.trustwave.com/Resources/SpiderLabs-Blog/TWSL2011-008--Focus-Stealing-Vulnerability-in-Android/
 Android Developer Reference, Fundamental Components. Available: http://developer.android.com/guide/components/fundamentals.html
 L. Lu, Z. Li, Z. Wu, W. Lee, and G. Jiang, "Chex: statically vetting android apps for component hijacking vulnerabilities," in Proceedings of the 2012 ACM conference on Computer and communications security, 2012, pp. 229-240.
 Q. A. Chen, Z. Qian, and Z. M. Mao, "Peeking into your app without actually seeing it: Ui state inference and novel android attacks," in Proceedings of the 23rd USENIX Security Symposium, 2014, pp. 1037-1052.
 Android Developer Reference, ActivityManager. Available: http://developer.android.com/reference/android/app/ActivityManager.html
 Android Developer Reference, View. Available: http://developer.android.com/reference/android/view/View.html
 Android Developer Reference, WindowManager. Available: http://developer.android.com/reference/android/view/WindowManager.html
 AnTuTu Benchmark. Available: http://www.antutu.com/index.shtml
 Android Developer Reference, Surface. Available: http://developer.android.com/reference/android/view/Surface.html
 E. Chin, A. P. Felt, K. Greenwood, and D. Wagner, "Analyzing inter-application communication in Android," in Proceedings of the 9th international conference on Mobile systems, applications, and services, 2011, pp. 239-252.
 M. Zhang and H. Yin, "Appsealer: Automatic generation of vulnerability-specific patches for preventing component hijacking attacks in android applications," in Proceedings of the 21th Annual Network and Distributed System Security Symposium (NDSS 2014), 2014.
 Android Developer Reference, Telephony.Mms. Available: http://developer.android.com/reference/android/provider/Telephony.Mms.html
 Android Open Source Project. Available: https://source.android.com/