A

Accessibility service

An accessibility service is a service in mobile operating systems that assists users with disabilities but can be exploited to intercept user interactions.

Implementing an accessibility service in Android allows to create experiences that are accessible to a wider range of users. These services offer APIs that allow developers to modify how applications are presented and interacted with by users who rely on assistive technologies. For example, developers can customize the way apps' contents are read aloud by implementing screen readers, or how apps respond to different types of input devices used by people with limited motor skills.

Accessibility services architecture

Malicious accessibility services can misuse users' trust to intercept their data or perform actions on their behalf without their knowledge. It is one of the common attack vectors implemented by malware.

Activity injection

Activity injection is a process of inserting unauthorized activities above the legitimate app to capture sensitive information or mislead the user.

See also view injection

B

Biometric authentication

A security process that relies on the unique biological characteristics of an individual to verify their identity.

C

Clicker

A malicious software functionality that simulates user input to automate a certain scenario, such as logging in to a system.

Clipboard

A temporary storage area for text or data that the user wants to copy from one place to another.

Command and control

A server or a group of servers used by attackers to send commands to and receive data from malware.

D

Dropper app

A seemingly benign application that secretly installs malware onto a victim's device.

H

Hooking

A technique used to intercept function calls in an application.

V

View injection

A process of inserting additional views or UI elements into an app to capture sensitive information or mislead the user.