Mind the Gap: Action Rebinding Attacks against Android GUI Agents
Jul 16, 2026
Researchers have identified a novel cross-application 'Action Rebinding' attack that targets Android GUI agents powered by large multimodal models. This attack allows a malicious app with zero permissions to hijack the agent's execution, enabling privileged operations such as file deletion, SMS transmission, and app uninstallation. The attack exploits the observation-action gap in the agent's reasoning process and achieves a 100% success rate for atomic hijacking, while evading detection by commercial malware scanners.
Why it matters: This work exposes a fundamental security vulnerability in emerging high-privilege GUI agents on Android, revealing that current sandboxing and malware detection mechanisms are insufficient to prevent such attacks.
Full story at: arXiv Cryptography and Security ↗