Generating smartphone phishing applications for deception based defense

Graphical User Interface (GUI)-based APplications (GAPs) are ubiquitous, both in personal and business use and they are deployed on diverse software and hardware platforms. Android has been increasingly adopted as operating system for smartphones and is gaining popularity. With this increase, the smartphones are now built with capabilities to assist Users With Disabilities (UWDs). There are close to 50Mil people in USA and nearly 600Mil people worldwide who have some form of disability ranging from vision impairment to hearing etc. UWDs need specialized assistance with GAPs. Accessibility Services (AS) are embedded in smartphones to assist UWDs with GUI interaction but these mobile assistive technologies are fundamentally insecure thus exposing smartphones to a variety of attacks. SEAPHISH (SEcuring Accessibility using PHISHing) platform aims to analyze security issues and threats posed by AS which can effectively simulate the human user of the smartphone. The platform uses existing mobile apps which are already installed on the users smartphones to extract GUI properties via AS to generate a similar looking app i.e. a phishing app. These phished apps can help in predicting and mitigating security threats posed by malicious applications using deception as a base for defense.