Passwords should be invisible to the accessibility services #547
Conversation
|
Thanks! Can you provide a link to your project? If we disable accessibility services, how are disabled users going to enter their passwords and passphrases? |
|
@mohammadnaseri I would also be very interested in more details about your project/research (kind of using this comment to subscribe to this issue :) |
|
It is a thesis project (between INRIA and CISPA) that is going to be submitted as a paper. |
|
Can you link to the app? |
|
Since it is an ongoing project, better not to present the app in the Github. Worth mentioning that the app is not malicious and just as a way to flag the apps with the vulnerability. At the end of the day, it is a trade-off that the developer needs to decide. |
|
can you DM the app? Or when will the paper be released? |
|
End of August or September. |
|
Does your paper describe how projects can address the problem when they use react native or some framework that renders to a webview? |
|
Yes, we have a separate discussion for that topic. |
|
Thank you @mohammadnaseri . Where can I find the paper when it is released? |
|
You can check : https://cispa.saarland/research/publications/ |
schildbach
force-pushed
the
master
branch
2 times, most recently
from
481ed68
to
c16bda1
Compare
schildbach
force-pushed
the
master
branch
2 times, most recently
from
23527de
to
b1392bc
Compare
Due to recent attacks, malicious apps that are using the accessibility service can capture all user inputs. In this case, the passwords should be ignored for the accessibility service, so such attacks cannot happen. This is done by our research project in CISPA, Saarland University, Germany.