Bove, DavideKalysch, Anatoli2021-06-212021-06-212019https://dl.gi.de/handle/20.500.12116/36643Hijacking user clicks and touch gestures has become a common attack vector and offers a stealthy approach at escalating the privileges of a process without raising red flags among users or AV software. Exploits falling into this category are categorized as clickjacking attacks and have gained increased popularity on mobile devices, Android being the recent victim of a series of UI vulnerabilities. Focusing on the Android OS this paper highlights previous and current UI-based attack vectors and finishes with an overview of security mechanisms, covering both system-wide as well as app-level protection measures.enAndroidClickjackingUIOverlaySecurityIn pursuit of a secure UI: The cycle of breaking and fixing Android’s UIText/Journal Article10.1515/itit-2018-00232196-7032