Recently, the team led by Professor Shen Yiran from the Intelligent Graphics and Image Processing (IGIP) Laboratory at the School of Software, Shandong University, made significant progress in the field of mobile system security. Their research, titled “WinSpy: Cross-window Side-channel Attacks on Android's Multi-window Mode,” has been accepted by the ACM International Conference on Mobile Computing and Networking (ACM MobiCom), a top-tier conference in mobile computing and communication (CCF-A category).
Both the first author and the corresponding author are affiliated with the School of Software, Shandong University. The first author is Li Zeng, a master's student at the IGIP Laboratory, and the corresponding author is Professor Shen Yiran. The research also benefited from significant contributions by Professor Bai Guangdong’s team from the University of Queensland, Australia, and Professor Hu Pengfei’s team from the School of Computer Science, Shandong University.
The research team identified significant security risks in the widely used Android multi-window mode, which could lead to severe user privacy leaks. By conducting an in-depth analysis of the operating mechanisms of Android's multi-window mode and leveraging its key characteristics—such as strong resource competition, long lifecycle, and shared sensors—the team proposed multiple effective attack strategies in their paper.
The multi-window mode has a broad user base and is widely adopted in multitasking scenarios, such as split-screen and floating window modes. Previous research has primarily focused on UI security. For the first time, this study delves into the underlying scheduling and allocation mechanisms of the Android system, uncovering a resource contention side-channel that poses severe security risks. By exploiting this channel, malicious programs can identify the applications a user is using, the websites accessed via browsers, and even specific in-app behaviors such as chatting or financial transactions.
The study further reveals that Android's sensor management in multi-window scenarios is relatively lenient. Without violating permission management restrictions, malicious programs can access data from sensors such as the accelerometer, which contains a wealth of private user information. This allows attackers to infer user text input and transaction passwords, and even reconstruct audio content played through the device's speakers.
Given the widespread adoption of multi-window features like split-screen and floating windows, the findings are of great significance for improving privacy and security in the Android system. Acting responsibly, the research team has reported this security risk to Google.
ACM MobiCom is a top-tier conference in the field of mobile computing and communication and is recognized as one of the most challenging and influential international academic conferences in computer networking. The acceptance rate often falls below 10%, reflecting the highly competitive nature of the conference. WinSpy also marks the first research achievement from the faculty and students of the School of Software at Shandong University to be accepted by MobiCom.