Through the Frosted Glass: Security Problems in a Translucent UI

TL;DR

This paper investigates security vulnerabilities caused by translucency in mobile UI design, demonstrating how it can mislead users and proposing solutions, supported by a user study quantifying the security impact.

Contribution

It identifies security issues in translucent UI elements, analyzes attack challenges, and provides potential solutions, supported by empirical user research.

Findings

Translucency can impair user recognition of trusted elements

Users are susceptible to security risks due to UI translucency

Further research is needed to fully understand security implications

Abstract

Translucency is now a common design element in at least one popular mobile operating system. This raises security concerns as it can make it harder for users to correctly identify and interpret trusted interaction elements. In this paper, we demonstrate this security problem using the example of the Safari browser in the latest iOS version on Apple tablets and phones (iOS7), and discuss technical challenges of an attack as well as solutions to these challenges. We conclude with a survey-based user study, where we seek to quantify the security impact, and find that further investigation is warranted.