ScreenPass: Secure Password Entry on Touchscreen Devices
Users routinely access cloud services through third-party apps on Smartphones by giving apps login credentials (i.e., a username and password). Unfortunately, users have no assurance that their apps will properly handle this sensitive information. In this paper, the authors describe the design and implementation of ScreenPass, which significantly improves the security of passwords on touchscreen devices. ScreenPass secures passwords by ensuring that they are entered securely, and uses taint-tracking to monitor where apps send password data. The primary technical challenge addressed by Screen-Pass is guaranteeing that trusted code is always aware of when a user is entering a password.