Users routinely access cloud services through third-party apps on smartphones by giving those apps their login credentials (i.e., a username and password). Unfortunately, users have no assurance that their apps will handle this sensitive information properly. In this paper, we describe the design and implementation of ScreenPass, which significantly improves the security of passwords on touchscreen devices. ScreenPass secures passwords by ensuring that they are entered securely, and it uses taint-tracking to monitor where apps send password data. The primary technical challenge addressed by ScreenPass is guaranteeing that trusted code is always aware of when a user is entering a password. ScreenPass provides this guarantee through two techniques. First, ScreenPass includes a trusted software keyboard that encourages users to specify their passwords' domains as they are entered (i.e., to tag their passwords). Second, ScreenPass performs optical character recognition (OCR) on a device's screenbuffer to ensure that passwords are entered only through the trusted software keyboard. We have evaluated ScreenPass through experiments with a prototype implementation, two in situ user studies, and a small app study. Our prototype detected a wide range of dynamic and static keyboard-spoofing attacks and generated zero false positives. As long as a screen is off, not updated, or not tapped, our prototype consumes zero additional energy; in the worst case, when a highly interactive app rapidly updates the screen, our prototype under a typical configuration introduces only 12% energy overhead. Participants in our user studies tagged their passwords at a high rate and reported that tagging imposed no additional burden. Finally, a study of malicious and non-malicious apps running under ScreenPass revealed several cases of password mishandling.
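The abstract describes the two halves of the mechanism in one sentence each: passwords typed through the trusted keyboard are tagged with a domain, and taint-tracking then follows that data to the points where an app sends it out. The following is an added toy model of that idea, written for this page and not ScreenPass's own code or TaintDroid's API. It assumes a label-carrying string type (`Tainted`), a keyboard entry point (`keyboard_input`) and two sink checks (`check_network_send`, `check_log_write`); all of those names, and the example.com / collector hosts in the scenario, are constructed for illustration. The point it makes that the abstract does not spell out is that the label must survive ordinary string handling (concatenation, JSON encoding, base64 for a Basic auth header) or the sink check sees nothing.

```python
"""Toy model of password tagging plus taint propagation (added illustration, not
ScreenPass code). Password text entered through the trusted keyboard carries the
domain the user tagged it with; the label follows the data through string
operations; sinks compare the label with where the data is going."""
from __future__ import annotations
import base64
import json
from dataclasses import dataclass
from urllib.parse import urlparse

UNTAGGED = "?"  # the user entered a password but skipped tagging a domain


@dataclass(frozen=True)
class Tainted:
    """A string plus the set of password domains it was derived from."""
    value: str
    domains: frozenset = frozenset()


def keyboard_input(text: str, *, password: bool = False, tag: str | None = None) -> Tainted:
    """Model of the trusted keyboard (assumed name): text typed into a password
    field gets a label holding the user-supplied domain, or UNTAGGED if none."""
    if not password:
        return Tainted(text)
    return Tainted(text, frozenset({(tag or UNTAGGED).lower()}))


def concat(*parts) -> Tainted:
    """String building propagates taint: the result carries the union of labels."""
    value = "".join(p.value if isinstance(p, Tainted) else p for p in parts)
    domains = frozenset().union(*(p.domains for p in parts if isinstance(p, Tainted)))
    return Tainted(value, domains)


def b64(t: Tainted) -> Tainted:
    """Encoding must not strip the label (e.g. building an HTTP Basic auth header)."""
    return Tainted(base64.b64encode(t.value.encode()).decode(), t.domains)


def json_body(**fields) -> Tainted:
    """Serialising tainted fields into a request body keeps their labels."""
    value = json.dumps({k: (v.value if isinstance(v, Tainted) else v) for k, v in fields.items()})
    domains = frozenset().union(*(v.domains for v in fields.values() if isinstance(v, Tainted)))
    return Tainted(value, domains)


def host_matches(host: str, domain: str) -> bool:
    """A tagged domain covers itself and its subdomains, nothing else."""
    return host == domain or host.endswith("." + domain)


def check_network_send(data: Tainted, url: str) -> list[str]:
    """Network sink: password-derived bytes may only travel to their tagged domain.
    Returns a list of findings (empty means the send is consistent with the tag)."""
    host = (urlparse(url).hostname or "").lower()
    findings = []
    for d in sorted(data.domains):
        if d == UNTAGGED:
            findings.append(f"untagged password sent to {host}")
        elif not host_matches(host, d):
            findings.append(f"password tagged for {d} sent to {host}")
    return findings


def check_log_write(data: Tainted, sink: str = "logcat") -> list[str]:
    """Log sink: any password-derived data written to a log is mishandling."""
    return [f"password data ({d}) written to {sink}" for d in sorted(data.domains)]


def demo() -> dict:
    """Constructed scenario: the user tags a password for example.com, and the app
    then uses it in one legitimate and several questionable ways."""
    user = keyboard_input("alice")
    pw = keyboard_input("correct horse", password=True, tag="example.com")
    login = json_body(user=user.value, password=pw)
    basic = concat("Basic ", b64(concat(user, ":", pw)))
    return {
        "login_ok": check_network_send(login, "https://api.example.com/v1/login"),
        "leak": check_network_send(basic, "https://collector.analytics-example.test/ingest"),
        "log": check_log_write(concat("auth header=", basic)),
        "untagged": check_network_send(keyboard_input("hunter2", password=True), "https://example.net/"),
    }


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, "->", findings or "no finding")
```

The `login_ok` case produces no finding because api.example.com falls under the tagged domain; the `leak` case is flagged even though the password was base64-encoded inside a header, which is exactly why propagation through encoders matters; the `untagged` case shows the weaker result the system can give when the user skips tagging: it can still report that a password left the device, but not whether the destination was the right one.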