TLDRocket
Sign in

Mobile Security

1 summarised story about Mobile Security, each linking back to the original source. Browse all topics →

Thursday, 16 July 2026

Mind the Gap: Action Rebinding Attacks against Android GUI Agents

arXiv cs.AI 18 hours ago

Researchers demonstrated a cross-application attack called Action Rebinding that allows malicious Android apps with zero permissions to hijack GUI agents powered by large multimodal models and perform privileged operations like deleting files or sending SMS. The attack exploits the observation-action gap in the agent's reasoning pipeline by rendering a benign app to trigger an intended action, then swapping to a sensitive target app during reasoning latency, with a 100% success rate across six tested Android GUI agents. This attack bypasses Android's application sandboxing security model and evades malware detection tools because the malicious app contains no privileged API calls, creating a fundamental security conflict between GUI automation agents and mobile platform security architecture.