SoK: The Evolution of Trusted UI on Mobile

Davide Bove, System Security and Software Protection Group.

In mobile security research, one of the many challenges is the lack of trusted user interfaces (TUI). Currently, users are not able to reliably identify which screen content is genuine and which is potentially manipulated. The concepts of trusted displays and user interfaces, which offer a high confidence in the trustworthiness of screen contents, are not universally implemented on current consumer devices. In this paper, we systematically analyze the developments in the field of TUIs on mobile devices over seven years. We present a new taxonomy to define and categorize challenges and issues in current UI designs, with a focus on issues that negatively affect the security of the whole OS. In addition, we suggest directions where contributions in research could solve these issues.

Full paper: sok-evolution.pdf

DOI: 10.1145/3488932.3517417

Presentation slides: sok-evolution-slides.pdf

For a recording of the presentation check the Supplemental Materials sections on the ACM website.

The paper are licensed under a Creative Commons Attribution International 4.0 License.

Name	Default Cookie
Provider	Owner of this website
Purpose	Saves the visitors preferences selected in the Consent Banner.
Privacy Policy	https://www.cs1.tf.fau.de/privacy/
Hosts	www.cs1.tf.fau.de
Cookie Name	rrze-legal-consent
Cookie Expiry	1 Year

Name	WordPress
Provider	No transmission to third parties
Purpose	Test if cookie can be set. Remember User session.
Privacy Policy	https://www.cs1.tf.fau.de/privacy/
Hosts	.www.cs1.tf.fau.de
Cookie Name	wordpress_[*]
Cookie Expiry	Session

Name	SimpleSAML
Provider	No transmission to third parties
Purpose	Used to manage WebSSO session state.
Privacy Policy	https://www.cs1.tf.fau.de/privacy/
Hosts	www.cs1.tf.fau.de
Cookie Name	SimpleSAMLSessionID,SimpleSAMLAuthToken
Cookie Expiry	Session

Name	PHPSESSID
Provider	No transmission to third parties
Purpose	Preserves user session state across page requests.
Privacy Policy	https://www.cs1.tf.fau.de/privacy/
Hosts	www.cs1.tf.fau.de
Cookie Name	PHPSESSID
Cookie Expiry	Session

Accept	Siteimprove Analytics
Name	Siteimprove Analytics
Provider	Rosenheimer Str. 143 C, 81671 Munich, Germany
Purpose	Used to help record the visitor’s use of the website.
Privacy Policy	https://www.siteimprove.com/privacy/privacy-policy/
Hosts	siteimprove.com
Cookie Name	nmstat
Cookie Expiry	1000 Days

Accept	Twitter
Name	Twitter
Provider	Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland
Purpose	Used to unblock Twitter content.
Privacy Policy	https://twitter.com/privacy
Hosts	twimg.com, twitter.com
Cookie Name	__widgetsettings, local_storage_support_test
Cookie Expiry	Unlimited

Accept	YouTube
Name	YouTube
Provider	Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Purpose	Used to unblock YouTube content.
Privacy Policy	https://policies.google.com/privacy?hl=en&gl=en
Hosts	google.com, youtube.com, youtube-nocookie.com
Cookie Name	NID
Cookie Expiry	6 Months

Accept	Vimeo
Name	Vimeo
Provider	Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA
Purpose	Used to unblock Vimeo content.
Privacy Policy	https://vimeo.com/privacy
Hosts	player.vimeo.com
Cookie Name	vuid
Cookie Expiry	2 Years

Accept	Slideshare
Name	Slideshare
Provider	Scribd, Inc., 460 Bryant St, 100, San Francisco, CA 94107-2594 USA
Purpose	Used to unblock Slideshare content.
Privacy Policy	https://www.slideshare.net/privacy
Hosts	www.slideshare.net
Cookie Name	__utma
Cookie Expiry	2 Years