Tapjacking is an attack technique that involves displaying an overlay window on top of security-sensitive content and tricking the user into unwittingly tapping UI elements.
I recently had a chance to report a security issue to the Android Security Team and it was a pathetic experience. They didn’t know how permissions are presented in Play Store, couldn’t decide if it’s a feature or a bug and then changed their mind regarding issue severity for no apparent reason.
A malicious Android app can take screenshots of other apps without your permission if you tap “START NOW” on a seemingly innocent dialog.
This is a result of an everlasting Android “tapjacking” vulnerability which allows malicious apps to obscure other apps or system dialogs. The video below presents the vulnerability demo app.
When Android 5.0 shipped with a number of bugs and memory leaks, many people complained about apparent Google QA deficiencies. Surely, the initial Lollipop ROMs shouldn’t have gotten a green flag from QA, but it looks like the problem lies much deeper in Google’s delivery process.
I don’t have enough insider knowledge to point out where exactly the organizational problem lies, but based on the code analysis I can demonstrate that the issues span from API design through implementation to testing. I am going to use the Lollipop Screen Capture API as an example.
The Android SDK provides access to many great APIs and features, but there are still many that are missing or incomplete. This is especially true of access to some slightly non-standard features. For example, the hardware video encoding API got added in Android 4.0, but it took four major releases before the usable API got exposed in the Android 4.4 SDK.
Luckily for those of you who are not patient enough to wait two years for the private API to get published, it’s possible to access such private APIs using a couple of tricks I’m going to describe in this post.