User Credential Cloning Attacks in Android Applications: Exploiting Automatic Login on Android Apps and Mitigating Strategies

Automatic login is a commonly used feature of smartphones, because their small keyboards make it difficult to key in user credential information. However, this feature may pose a serious risk to smartphone users? privacy. The stored data for automatic login could be stolen by an attacker, resulting in identity theft. In this article, we demonstrate an execution of this attack in a systematic manner through two real-world Android application case studies by implementing a prototype. We also discuss five possible defense strategies to mitigate the risk of user credential data being stolen from the application files.