Fig. 6From: Using IM-Visor to stop untrusted IME apps from stealing sensitive keystrokesSandbox bypassing attack. The pink and blue color represent two different state of an IME app. As shown in blue color, after the roll-back, an IME app can still access the user app’s data buffer for sensitive text by some revisited APIs and leak it out to a remote server at the beginning of next input transactionBack to article page