Investigating the keylogging threat in android — User perspective (Regular research paper)

Keylogging threats have been reasonably studied in computer systems but poorly covered in the domain of mobile operating systems. Android took the lead among the other mobile operating systems in allowing developers to build custom third-party keyboards to replace the stock Android on-screen keyboard. This opened the door for malicious developers to create keyloggers for the purpose of spying and/or phishing for users' sensitive data. A malicious developer may build a keylogger from scratch or utilize an existing keyboard. Furthermore, users may unknowingly install keyloggers from the online app markets or may use a keylogger that a malicious user with physical access has installed on their devices. In this paper, we discuss users' and keyboard developers' roles in increasing/decreasing the chance of successful keylogger attacks. We developed an Android app, KBsChecker, and asked participants to install it on their devices. The app collects data from participants' devices and prompts them to complete a survey. We also asked a number of developers to answer a few questions with regard to their experiences in building third-party keyboards. Our study showed that keylogging threat is of high probability due to the current security configurations and the choices of users and developers. Moreover, the study showed that the risk can be mitigated by educating users and by adopting new development approaches.