Key points are not available for this paper at this time.
Phishing in mobile applications is a relevant threat with successful attacks in the wild. In such attacks, malicious mobile applications masquerade legitimate ones to steal user credentials. In this paper we categorize phishing attacks in mobile platforms and possible countermeasures. show that personalized security indicators can help users to detect phishing and have very little deployment cost. Personalized security indicators, , rely on the user alertness to detect phishing attacks. Previous work the context of website phishing has shown that users tend to ignore the of security indicators and fall victim of the attacker. Consequently, research community has deemed personalized security indicators as an phishing detection mechanism. We evaluate personalized security indicators as a phishing detection solution the context of mobile applications. We conducted a large-scale user study a significant amount of participants that used personalized security were able to detect phishing. All participants that did not use could not detect the attack and entered their credentials to a application. We found the difference in the attack detection ratio to statistically significant. Personalized security indicators can, therefore, phishing detection in mobile applications and their reputation as an-phishing mechanism should be reconsidered. We also propose a novel protocol to setup personalized security indicators a strong adversarial model and provide details on its performance and.
Marforio et al. (Tue,) studied this question.