kkazakov

Reputation: 458

Find (and disable) applications that draw over mine

I'm working on a security-related app and I need to detect whether an app is drawing / displaying something on top of my screen, in order to detect malicious apps grabbing user touch on top of my interface (including transparent views).

I found several code samples around, which sadly don't work anymore on Android 7 and up. They relied partially on listing processes in /proc, but that doesn't work anymore, as proc now returns only your own process.

Is there a way to do it properly for 7+?

That's an example of a simple interface and the transparent overlay is another app / service that draws on top of it. I want to detect that.

[Image: simple interface example]

I can request device admin if that would help.

Upvotes: 2

Views: 562

Answers (1)

Bö macht Blau

Reputation: 13019

At first I thought "this type of attack should be impossible by now". Then I googled "tapjacking android" and found this blog post by Prateek Panda, blog.devknox.io:

"If you’re a developer, please relate with the plight of users and add the following to your checklist of pre-release: ensure that the setting filterTouchesWhenObscured is set to true, or that the method onFilterTouchEventForSecurity() is implemented in your app."

So it seems that's what you can do in your own app to defend against tapjacking. (See also the documentation on View, paragraph "Security")

I can understand that for reasons of privacy not even a device admin is allowed to know which apps are currently running.

But it would be nice if there was a way to enforce security settings programmatically to follow the blog post's advice:

"If you’re a user, simply hop over to your Settings area and set the section deals with overlay screens. It should be called either “Apps that can appear on top” or apps that “Draw over other apps”. If you’re still not sure, a simple Google search for your phone make will reveal the setting."

Unfortunately it seems to me that the Device Admin API does not offer such an option. It seems to be mainly about passwords, encrypted storage and disabling the camera.

It's disappointing, to say the least. And I'd love to hear I missed something out there.

Upvotes: 2
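The defence quoted in the answer above, as an added example (not code from the post or the blog): a view for sensitive actions that enables `filterTouchesWhenObscured` and overrides `onFilterTouchEventForSecurity()` to also reject partially obscured touches. The class name `ObscureAwareButton` and the log tag are assumptions; the `View`, `MotionEvent` and `Build` members are standard Android SDK APIs.

```java
import android.content.Context;
import android.os.Build;
import android.util.AttributeSet;
import android.util.Log;
import android.view.MotionEvent;
import android.widget.Button;

/** Hypothetical button for sensitive actions (confirm, pay, grant). */
public class ObscureAwareButton extends Button {

    private static final String TAG = "ObscureAwareButton"; // assumed tag

    public ObscureAwareButton(Context context, AttributeSet attrs) {
        super(context, attrs);
        // Same effect as android:filterTouchesWhenObscured="true" in the
        // layout XML: the framework drops touches that arrive while another
        // visible window covers this view's window at the touch location.
        setFilterTouchesWhenObscured(true);
    }

    /** Return true to dispatch the event, false to drop it. */
    @Override
    public boolean onFilterTouchEventForSecurity(MotionEvent event) {
        int flags = event.getFlags();
        boolean obscured = (flags & MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0;

        // API 29+ also reports windows that cover part of ours away from the
        // touch point. The default filter ignores that flag, so check it here.
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) {
            obscured |=
                (flags & MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED) != 0;
        }

        if (obscured) {
            // Once ACTION_DOWN is dropped the rest of the gesture never
            // reaches this view, so record the condition on the down event.
            if (event.getActionMasked() == MotionEvent.ACTION_DOWN) {
                Log.w(TAG, "Touch dropped: window obscured by another window");
            }
            return false;
        }
        return super.onFilterTouchEventForSecurity(event);
    }
}
```

The flags only say that some other window was on top when the touch arrived; they do not identify which app drew it, so the app can refuse the input and ask the user to review the "Draw over other apps" setting, but it cannot name or disable the overlay.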
