-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Passwords should be invisible to the accessibility services #547
base: main
Are you sure you want to change the base?
Conversation
Thanks! Can you provide a link to your project? If we disable accessibility services, how are disabled users going to enter their passwords and passphrases? |
@mohammadnaseri I would also be very interested in more details about your project/research (kind of using this comment to subscribe to this issue :) |
It is a thesis project (between INRIA and CISPA) that is going to be submitted as a paper. |
Can you link to the app? |
Since it is an ongoing project, better not to present the app in the Github. Worth mentioning that the app is not malicious and just as a way to flag the apps with the vulnerability. At the end of the day, it is a trade-off that the developer needs to decide. |
can you DM the app? Or when will the paper be released? |
End of August or September. |
Does your paper describe how projects can address the problem when they use react native or some framework that renders to a webview? |
Yes, we have a separate discussion for that topic. |
Thank you @mohammadnaseri . Where can I find the paper when it is released? |
You can check : https://cispa.saarland/research/publications/ |
481ed68
to
c16bda1
Compare
23527de
to
b1392bc
Compare
Due to recent attacks, malicious apps that are using the accessibility service can capture all user inputs. In this case, the passwords should be ignored for the accessibility service, so such attacks cannot happen. This is done by our research project in CISPA, Saarland University, Germany.