{"id":"https://openalex.org/W7106279201","doi":"https://doi.org/10.1145/3680207.3723482","title":"WinSpy: Cross-window Side-channel Attacks on Android's Multi-window Mode","display_name":"WinSpy: Cross-window Side-channel Attacks on Android's Multi-window Mode","publication_year":2025,"publication_date":"2025-11-03","ids":{"openalex":"https://openalex.org/W7106279201","doi":"https://doi.org/10.1145/3680207.3723482"},"language":null,"primary_location":{"id":"doi:10.1145/3680207.3723482","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3680207.3723482","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3680207.3723482","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 31st Annual International Conference on Mobile Computing and Networking","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3680207.3723482","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Zeng Li","orcid":"https://orcid.org/0009-0002-5160-0885"},"institutions":[{"id":"https://openalex.org/I154099455","display_name":"Shandong University","ror":"https://ror.org/0207yh398","country_code":"CN","type":"education","lineage":["https://openalex.org/I154099455"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Zeng Li","raw_affiliation_strings":["Shandong University, Jinan, China"],"raw_orcid":"https://orcid.org/0009-0002-5160-0885","affiliations":[{"raw_affiliation_string":"Shandong University, Jinan, China","institution_ids":["https://openalex.org/I154099455"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Chuan Yan","orcid":"https://orcid.org/0000-0003-4855-1912"},"institutions":[{"id":"https://openalex.org/I165143802","display_name":"The University of Queensland","ror":"https://ror.org/00rqy9422","country_code":"AU","type":"education","lineage":["https://openalex.org/I165143802"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Chuan Yan","raw_affiliation_strings":["The University of Queensland, Brisbane, Australia"],"raw_orcid":"https://orcid.org/0000-0003-4855-1912","affiliations":[{"raw_affiliation_string":"The University of Queensland, Brisbane, Australia","institution_ids":["https://openalex.org/I165143802"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Liuhuo Wan","orcid":"https://orcid.org/0009-0004-7090-1493"},"institutions":[{"id":"https://openalex.org/I165143802","display_name":"The University of Queensland","ror":"https://ror.org/00rqy9422","country_code":"AU","type":"education","lineage":["https://openalex.org/I165143802"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Liuhuo Wan","raw_affiliation_strings":["The University of Queensland, Brisbane, Australia"],"raw_orcid":"https://orcid.org/0009-0004-7090-1493","affiliations":[{"raw_affiliation_string":"The University of Queensland, Brisbane, Australia","institution_ids":["https://openalex.org/I165143802"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Hui Zhuang","orcid":"https://orcid.org/0009-0006-7503-1137"},"institutions":[{"id":"https://openalex.org/I154099455","display_name":"Shandong University","ror":"https://ror.org/0207yh398","country_code":"CN","type":"education","lineage":["https://openalex.org/I154099455"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Hui Zhuang","raw_affiliation_strings":["Shandong University, Qingdao, China"],"raw_orcid":"https://orcid.org/0009-0006-7503-1137","affiliations":[{"raw_affiliation_string":"Shandong University, Qingdao, China","institution_ids":["https://openalex.org/I154099455"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Pengfei Hu","orcid":"https://orcid.org/0000-0002-7935-886X"},"institutions":[{"id":"https://openalex.org/I154099455","display_name":"Shandong University","ror":"https://ror.org/0207yh398","country_code":"CN","type":"education","lineage":["https://openalex.org/I154099455"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Pengfei Hu","raw_affiliation_strings":["Shandong University, Qingdao, China"],"raw_orcid":"https://orcid.org/0000-0002-7935-886X","affiliations":[{"raw_affiliation_string":"Shandong University, Qingdao, China","institution_ids":["https://openalex.org/I154099455"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Guangdong Bai","orcid":"https://orcid.org/0000-0002-6390-9890"},"institutions":[{"id":"https://openalex.org/I165143802","display_name":"The University of Queensland","ror":"https://ror.org/00rqy9422","country_code":"AU","type":"education","lineage":["https://openalex.org/I165143802"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Guangdong Bai","raw_affiliation_strings":["The University of Queensland, Brisbane, Australia"],"raw_orcid":"https://orcid.org/0000-0002-6390-9890","affiliations":[{"raw_affiliation_string":"The University of Queensland, Brisbane, Australia","institution_ids":["https://openalex.org/I165143802"]}]},{"author_position":"last","author":{"id":null,"display_name":"Yiran Shen","orcid":"https://orcid.org/0000-0003-1385-1480"},"institutions":[{"id":"https://openalex.org/I154099455","display_name":"Shandong University","ror":"https://ror.org/0207yh398","country_code":"CN","type":"education","lineage":["https://openalex.org/I154099455"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yiran Shen","raw_affiliation_strings":["Shandong University, Jinan, China"],"raw_orcid":"https://orcid.org/0000-0003-1385-1480","affiliations":[{"raw_affiliation_string":"Shandong University, Jinan, China","institution_ids":["https://openalex.org/I154099455"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":7,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I154099455"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.56944658,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"407","last_page":"421"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.8981000185012817,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.8981000185012817,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.05290000140666962,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.013000000268220901,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/permission","display_name":"Permission","score":0.9023000001907349},{"id":"https://openalex.org/keywords/mode","display_name":"Mode (computer interface)","score":0.5922999978065491},{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.5838000178337097},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.400299996137619},{"id":"https://openalex.org/keywords/password","display_name":"Password","score":0.37470000982284546},{"id":"https://openalex.org/keywords/block-cipher-mode-of-operation","display_name":"Block cipher mode of operation","score":0.3711000084877014},{"id":"https://openalex.org/keywords/fingerprint","display_name":"Fingerprint (computing)","score":0.3458999991416931},{"id":"https://openalex.org/keywords/resource","display_name":"Resource (disambiguation)","score":0.3276999890804291},{"id":"https://openalex.org/keywords/biometrics","display_name":"Biometrics","score":0.3273000121116638}],"concepts":[{"id":"https://openalex.org/C2779089604","wikidata":"https://www.wikidata.org/wiki/Q7169333","display_name":"Permission","level":2,"score":0.9023000001907349},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6542999744415283},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.60589998960495},{"id":"https://openalex.org/C48677424","wikidata":"https://www.wikidata.org/wiki/Q6888088","display_name":"Mode (computer interface)","level":2,"score":0.5922999978065491},{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.5838000178337097},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.400299996137619},{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.37470000982284546},{"id":"https://openalex.org/C60448319","wikidata":"https://www.wikidata.org/wiki/Q154021","display_name":"Block cipher mode of operation","level":2,"score":0.3711000084877014},{"id":"https://openalex.org/C2777826928","wikidata":"https://www.wikidata.org/wiki/Q3745713","display_name":"Fingerprint (computing)","level":2,"score":0.3458999991416931},{"id":"https://openalex.org/C206345919","wikidata":"https://www.wikidata.org/wiki/Q20380951","display_name":"Resource (disambiguation)","level":2,"score":0.3276999890804291},{"id":"https://openalex.org/C184297639","wikidata":"https://www.wikidata.org/wiki/Q177765","display_name":"Biometrics","level":2,"score":0.3273000121116638},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.32710000872612},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.31310001015663147},{"id":"https://openalex.org/C2778751112","wikidata":"https://www.wikidata.org/wiki/Q835016","display_name":"Window (computing)","level":2,"score":0.2994000017642975},{"id":"https://openalex.org/C11392498","wikidata":"https://www.wikidata.org/wiki/Q11288","display_name":"Web server","level":3,"score":0.2946000099182129},{"id":"https://openalex.org/C123201435","wikidata":"https://www.wikidata.org/wiki/Q456632","display_name":"Information privacy","level":2,"score":0.29440000653266907},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.2858000099658966},{"id":"https://openalex.org/C2988145974","wikidata":"https://www.wikidata.org/wiki/Q620615","display_name":"Mobile apps","level":2,"score":0.2856000065803528},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.2854999899864197},{"id":"https://openalex.org/C79061980","wikidata":"https://www.wikidata.org/wiki/Q941680","display_name":"Inertial measurement unit","level":2,"score":0.28029999136924744},{"id":"https://openalex.org/C154908896","wikidata":"https://www.wikidata.org/wiki/Q2167404","display_name":"Security policy","level":2,"score":0.26980000734329224},{"id":"https://openalex.org/C71745522","wikidata":"https://www.wikidata.org/wiki/Q2476929","display_name":"Confidentiality","level":2,"score":0.2632000148296356},{"id":"https://openalex.org/C107457646","wikidata":"https://www.wikidata.org/wiki/Q207434","display_name":"Human\u2013computer interaction","level":1,"score":0.2623000144958496},{"id":"https://openalex.org/C178005623","wikidata":"https://www.wikidata.org/wiki/Q308859","display_name":"Anonymity","level":2,"score":0.2614000141620636},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.2581999897956848},{"id":"https://openalex.org/C2777499013","wikidata":"https://www.wikidata.org/wiki/Q7663719","display_name":"System integrity","level":2,"score":0.2531999945640564},{"id":"https://openalex.org/C2779841105","wikidata":"https://www.wikidata.org/wiki/Q3057620","display_name":"Bolster","level":2,"score":0.25209999084472656}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3680207.3723482","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3680207.3723482","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3680207.3723482","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 31st Annual International Conference on Mobile Computing and Networking","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3680207.3723482","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3680207.3723482","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3680207.3723482","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 31st Annual International Conference on Mobile Computing and Networking","raw_type":"proceedings-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.5456036329269409,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":false},"content_urls":{"pdf":"https://content.openalex.org/works/W7106279201.pdf"},"referenced_works_count":17,"referenced_works":["https://openalex.org/W1582716752","https://openalex.org/W2099468260","https://openalex.org/W2107816859","https://openalex.org/W2403657431","https://openalex.org/W2407386804","https://openalex.org/W2483639660","https://openalex.org/W2563009067","https://openalex.org/W2762324543","https://openalex.org/W2891810898","https://openalex.org/W2903035991","https://openalex.org/W2988277241","https://openalex.org/W3007498683","https://openalex.org/W3082687416","https://openalex.org/W3164146938","https://openalex.org/W4200228093","https://openalex.org/W4288057735","https://openalex.org/W4311165841"],"related_works":[],"abstract_inverted_index":{"With":[0],"the":[1,4,11,22,150,155],"development":[2],"of":[3,13,61],"Android":[5],"system":[6],"and":[7,24,40,88,112],"increasing":[8],"screen":[9],"size,":[10],"use":[12,139],"multi-window":[14,46,80],"mode":[15,30,81],"has":[16],"become":[17],"prevalent":[18],"among":[19],"users.":[20],"However,":[21],"security":[23,42],"privacy":[25],"implications":[26],"associated":[27],"with":[28,157],"this":[29,133],"have":[31],"not":[32],"been":[33],"thoroughly":[34],"investigated.":[35],"This":[36],"paper":[37],"uncovers":[38],"severe":[39],"unique":[41],"vulnerabilities":[43],"in":[44,79],"Android's":[45,94,128],"mode,":[47,134],"revealing":[48],"several":[49],"high-risk":[50],"side-channels":[51],"that":[52,101,125],"facilitate":[53],"diverse":[54],"cross-window":[55],"attacks,":[56,146],"leading":[57],"to":[58,82,108,115,127,144],"significant":[59],"breaches":[60],"user":[62],"privacy.":[63],"In":[64],"detail,":[65],"our":[66],"research":[67],"introduces":[68],"WinSpy,":[69],"a":[70,73],"framework":[71],"leveraging":[72],"newly":[74],"discovered":[75],"resource":[76],"contention":[77],"side-channel":[78],"fingerprint":[83],"app":[84,113],"launches,":[85],"web":[86],"pages,":[87],"in-app":[89,120],"activities,":[90],"all":[91],"without":[92],"violating":[93],"permission":[95,130],"framework.":[96],"Our":[97],"extensive":[98],"evaluations":[99],"demonstrate":[100],"WinSpy":[102],"achieves":[103],"high":[104,158],"accuracy":[105],"(from":[106],"70":[107],"80%":[109],"detecting":[110],"website":[111],"launches":[114],"over":[116],"97%":[117],"recognizing":[118],"critical":[119],"activities).":[121],"Additionally,":[122],"we":[123,161],"reveal":[124],"due":[126],"lenient":[129],"management":[131],"for":[132],"window":[135,156],"apps":[136],"can":[137],"also":[138],"Inertial":[140],"Measurement":[141],"Unit":[142],"sensors":[143],"launch":[145],"such":[147],"as":[148],"inferring":[149],"user's":[151],"touch":[152],"positions":[153],"outside":[154],"precision.":[159],"Furthermore,":[160],"propose":[162],"systematic":[163],"mitigations":[164],"against":[165],"these":[166],"vulnerabilities.":[167]},"counts_by_year":[],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-11-23T00:00:00"}