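| Graduate student: | 楊文君 Wen-Chun Yang |
|---|---|
| Thesis title: | AffinityGuard: A Defense Mechanism to Task Hijacking in Android |
| Advisor: | 許富皓 |
| Oral examination committee: | |
| Degree: | Master |
| Department: | College of Electrical Engineering and Computer Science - Department of Computer Science & Information Engineering |
| Year of publication: | 2018 |
| Academic year of graduation: | 106 |
| Language: | Chinese |
| Pages: | 55 |
| Chinese keywords: | 任務劫持 (task hijacking), 安卓 (Android) |
| English keywords: | Task Hijacking, Android |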
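The task hijacking attack technique appeared in 2015, and the problem still exists as of the recent Android version 7.1.2. It requires no permissions to carry out phishing attacks, denial-of-service attacks, and so on. Rather than exploiting a system vulnerability, the malicious app uses the normal functionality of Android multitasking to share a task with the target app and attack from there. The defenses proposed in previous research all work by detecting activity launch behavior. To solve task hijacking completely, this thesis designs a new mechanism called AffinityGuard, with which developers decide for themselves whether third-party applications may share the same task and use a whitelist to specify the applications that are allowed. AffinityGuard performs its check when an activity is launched and, if it finds a task being shared illegally, blocks the malicious app immediately. AffinityGuard completely blocks task hijacking attacks without affecting Android multitasking functionality. This thesis also analyzes a large number of applications and finds that AffinityGuard has very little impact on how ordinary applications are used.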
Task hijacking appeared in 2015, but the problem still exists in the recent Android version 7.1.2. An attacker can use task hijacking to carry out phishing attacks and denial-of-service attacks without any permission. Task hijacking arises from the powerful functions of Android multitasking, which let malware share the same task with the victim app. The defense mechanisms proposed in previous research detect activity attributes and the relations between activities. We design a new mechanism called AffinityGuard to solve this problem completely. Developers can choose whether or not to share the same task with a third-party application and can also add apps to whitelists. AffinityGuard protects apps when an activity is launched. If the activity shares the same task with the victim app illegally, AffinityGuard stops the malicious app from sharing the task with the victim app. AffinityGuard can completely prevent task hijacking without impacting the Android multitasking system. We also analyzed a large number of apps from Google Play and found that AffinityGuard has very little effect on the use of Android multitasking by general apps.