SMASheD first sends an intent to open Google Play Store’s app page.
Then, SMASheD injects touch events on the install button and then the accept button to grant the app with the requested permission. Finally, it closes Google Play Store app.


SMASheD records the user’s pattern unlock while she is unlocking her phone and then inject the recorded pattern to unlock the phone

We implemented the algorithm used to detect Tap-Wave-Rub’s wave gesture following the instructions in [1]. Whenever the user wants to make a phone call, Tap-Wave-Rub asks her to perform a wave gesture, if the wave gesture is not detected within 10 seconds Tap-Wave-Rub does not allow her to make the phone call.
In our attack, SMASheD records a valid wave gesture and replays it. SMASheD was able to deceive Tap-Wave-Rub successfully.



  1. Haoyu Li, Di Ma, Nitesh Saxena, Babins Shrestha, and Yan Zhu. 2013. Tap-Wave-Rub: lightweight malware prevention for smartphones using intuitive human gestures. In Proceedings of the sixth ACM conference on Security and privacy in wireless and mobile networks (WiSec ’13). ACM, New York, NY, USA, 25-30. DOI=10.1145/2462096.2462101