A pair like Cyrillic ԁ (U+0501) and Latin d scores 0.781 mean SSIM across 18 fonts. That sounds moderate. But it is pixel-identical (SSIM 1.000) in eight of those fonts: Arial, Menlo, Cochin, Tahoma, Charter, Georgia, Baskerville, and Verdana. An attacker needs only one font to succeed. The exploitable risk is the max, not the mean.
The secure-env-demo repo has everything you need to try both approaches. Clone it, pick the one that fits your setup, and run the demo app:
| Font | Pairs | High (>= 0.7) | % high |
|---|---|---|---|
| Zapfino | 6 | 0 | 0.0% |
| Didot | 104 | 20 | 19.2% |
| Avenir Next Condensed | 76 | 15 | 19.7% |
| Futura | 59 | 12 | 20.3% |
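Half a year ago, Ms. Wu, a resident of Harbin, Heilongjiang, received a call from a stranger claiming to be "customer service". The caller accurately recited her personal information and, citing a "policy premium deduction", asked her to download a specified app. Just as she was becoming flustered, a prominent fraud warning popped up on her phone screen. She instantly came to her senses and hung up at once.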