Email Print Share


Patching Android vulnerabilities

NSF-funded computer scientists identified vulnerabilities in Android operating systems, protecting users from cyberattacks

Cybercrime costs the global economy an estimated $400 billion annually.

Cybercrime costs the global economy an estimated $400 billion annually.
Credit and Larger Version

March 27, 2018

This material is available primarily for archival purposes. Telephone numbers or other contact information may be out of date; please see current contact information at media contacts.

In May 2017, NSF-funded computer scientists uncovered vulnerabilities in the Android operating system that would allow attackers to view information on a user's phone. The vulnerability occurs when the device's owner activates a legitimate app that requests permission to overlay a feature, such as a chat window, on the phone's screen.

When enabled, this feature -- the "cloak" -- lets a hacker superimpose a fake window on top of the mobile user's window without their knowledge. The second app -- the "dagger" -- takes information captured by the hacker's "fake" window and conveys it to the real app beneath, giving the appearance that everything is normal.

The scientists alerted Google and worked with the company to implement a fix. A patch for the problem was released in early September 2017.

NSF Directorate(s):
Directorate for Computer and Information Science and Engineering


Related Awards
#1017265 TC: Small: A Foundational and Practical Platform for Host Security Applications
#0831300 Collaborative Research: CT-L: CLEANSE: Cross-Layer Large-Scale Efficient Analysis of Network Activities to Secure the Internet

This NSF Impact is one of thousands of research outcomes made possible by NSF that help fuel the U.S. economy, enhance national security and sustain U.S. global leadership by advancing knowledge. You can search for more NSF Impacts at

 Get Impacts by Email