UIHash: Detecting Similar Android UIs through Grid-Based Visual Appearance Representation

Jiawei Li, Jian Mao, Jun Zeng, Qixiao Lin, Shaowen Feng, Zhenkai Liang

33rd USENIX Security Symposium · Day 1 · USENIX Security '24

In the contemporary mobile landscape, user interfaces (UIs) serve as the primary interaction point between users and applications. However, the prevalence of similar UIs in **counterfeit applications** poses a significant security threat, acting as an attack surface designed to deceive users. Malicious actors leverage familiar UI designs to trick users into installing and interacting with harmful applications, often leading to credential theft or the distribution of malware. A prime example highlighted in the talk is a spoofing UI designed to solicit user credentials, demonstrating the critical need for robust methods to detect UI similarity. This talk, presented by Jiawei Li and colleagues from Beihang University and the National University of Singapore, introduces **UIHash**, a novel approach to identify similar Android UIs by representing their visual appearance through a grid-based abstraction.

AI review

This work introduces UIHash, a novel grid-based approach to detect similar Android UIs by mimicking human perception. It effectively bypasses traditional pixel-level and layout-tree comparisons, offering a robust defense against sophisticated spoofing and repackaging attacks by focusing on runtime visual semantics and leveraging a CNN-based Siamese Network for similarity scoring.
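A minimal sketch of the grid idea summarized above, added here as an illustration and not taken from the UIHash authors' code. The control vocabulary, the 8x8 grid, the constructed sample screens, and cosine similarity (standing in for the CNN-based Siamese network) are all assumptions.

```python
import math

# Assumed control vocabulary and grid size for this sketch (not from the page).
CONTROL_TYPES = ["text", "input", "button", "image"]
GRID = 8

def _cell(pos, extent, n):
    """Map a pixel coordinate to a grid index, clamped to the grid."""
    return max(0, min(n - 1, int(pos / extent * n)))

def to_grid(controls, screen_w, screen_h, n=GRID):
    """Rasterize (type, left, top, right, bottom) controls into a flat
    len(CONTROL_TYPES) x n x n occupancy tensor, one channel per type."""
    cells = [0.0] * (len(CONTROL_TYPES) * n * n)
    for ctype, left, top, right, bottom in controls:
        ch = CONTROL_TYPES.index(ctype)
        # Normalising by screen size makes the grid resolution-independent.
        c0, c1 = _cell(left, screen_w, n), _cell(right - 1, screen_w, n)
        r0, r1 = _cell(top, screen_h, n), _cell(bottom - 1, screen_h, n)
        for row in range(r0, r1 + 1):
            for col in range(c0, c1 + 1):
                cells[(ch * n + row) * n + col] = 1.0
    return cells

def similarity(a, b):
    """Cosine similarity; a stand-in for a learned similarity score."""
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0

# Constructed sample screens: (type, left, top, right, bottom) in pixels.
GENUINE = (1080, 1920, [("image", 340, 200, 740, 500),
                        ("input", 100, 700, 980, 840),
                        ("input", 100, 900, 980, 1040),
                        ("button", 100, 1150, 980, 1300)])
# Same visual arrangement on a smaller screen with slightly shifted pixels.
LOOKALIKE = (720, 1280, [("image", 230, 140, 490, 330),
                         ("input", 70, 470, 650, 560),
                         ("input", 70, 600, 650, 690),
                         ("button", 70, 770, 650, 865)])
UNRELATED = (1080, 1920, [("text", 0, 100, 1080, 250),
                          ("text", 0, 300, 1080, 450),
                          ("image", 0, 500, 1080, 1200),
                          ("button", 800, 1700, 1040, 1850)])

def score_pair(screen_a, screen_b):
    (wa, ha, ca), (wb, hb, cb) = screen_a, screen_b
    return similarity(to_grid(ca, wa, ha), to_grid(cb, wb, hb))

if __name__ == "__main__":
    print("genuine vs lookalike:", round(score_pair(GENUINE, LOOKALIKE), 3))
    print("genuine vs unrelated:", round(score_pair(GENUINE, UNRELATED), 3))
```

Because the comparison works on what is placed where on screen rather than on pixels or view-tree identifiers, the rescaled lookalike scores as near-identical while the unrelated screen scores low.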
