TapTrap: Animation‑Driven Tapjacking on Android

86•Bogdanp•6mo ago

Comments

tehwebguy•6mo ago

> independently and confidentially reported by @MG193_7 (ByteDance IES RedTeam) to the Android Security Team in early 2023

I wonder if this is in the wild anywhere, it has to be after 2.5 years right?

SoftTalker•6mo ago

Another reason not to install random apps.

subscribed•6mo ago

You probably forgot about multiple instances of malware found in the official Google Play store.

master-lincoln•6mo ago

What makes you think so? Apps in the Google Play store could be called random apps too. I guess the poster was more leaning towards trusting the developer of an app.

SoftTalker•6mo ago

I include most of Play Store apps in my definition of "random apps." If it's not from a very mainstream publisher I won't install it.

qbane•6mo ago

This has a long history dating back to the Flash era.

https://owasp.org/www-community/attacks/Clickjacking

> One of the most notorious examples of Clickjacking was an attack against the Adobe Flash plugin settings page. By loading this page into an invisible iframe, an attacker could trick a user into altering the security settings of Flash, giving permission for any Flash animation to utilize the computer’s microphone and camera.

user_7832•6mo ago

> If you use an Android phone and haven’t disabled system animations, then yes, you’re likely affected. iPhone users are not affected.

Okay... that was much worse than I expected. Looks like you can get the victim to click anywhere, which looks bad. I thought Android had protections against this?

> It is based on transition animations instead of overlays, so it doesn’t need special permissions and isn’t blocked by Android’s overlay protections.

Oh well. Not sure how that slipped past.

altfredd•6mo ago

This might be somewhat less threatening then it sounds, because it requires caller to fully control animations used for entering the targeted Activity.

In particular, this vulnerability might not overcome root permission prompts on rooted devices, because their windows are launched and controlled by the installed su app, not by attacker.

wiseowise•6mo ago

Sleek website.

_vere•6mo ago

Actually insane that this isn't patched in AOSP yet, literally the only android devices that aren't vulnerable are those running graphene. For companies as big as google, there really ought to be just disgusting financial penalties if they leave something like this unfixed for this amount of time.

svpk•6mo ago

GrapheneOS resolved this a while ago. Which shows google and other android vendors could have resolved this quickly if they were motivated too.

https://bsky.app/profile/minimalblue.bsky.social/post/3lul6i...

chasing0entropy•6mo ago

C'mon guys, Google hasn't neglected patching this for years because it would conflict with their own software's behavior, right?

Right?

trehalose•6mo ago

I fully share your distrust of Google, and I think it's unforgivable that they still haven't patched it, yet it's not obvious to me what of their own software would rely on it not being patched? (Are you suggesting Google exploits this vulnerability themself? That seems unlikely to me--they can make their own operating system do whatever evil they want it to; why would they need to trick the user into doing it for them?)

Tactical tornado is the new default

Full-Circle Test-Driven Firmware Development with OpenClaw

Automating Myself Out of My Job – Part 2

Google staff call for firm to cut ties with ICE

Dependency Resolution Methods

Crypto firm apologises for sending Bitcoin users $40B by mistake

Show HN: iPlotCSV: CSV Data, Visualized Beautifully for Free

There's no such thing as "tech" (Ten years later)

List of unproven and disproven cancer treatments

Me/CFS: The blind spot in proactive medicine (Open Letter)

Ask HN: What are the word games do you play everyday?

Show HN: Paper Arena – A social trading feed where only AI agents can post

TOSTracker – The AI Training Asymmetry

The Devil Inside GitHub

Show HN: Distill – Migrate LLM agents from expensive to cheap models

Show HN: Sigma Runtime – Maintaining 100% Fact Integrity over 120 LLM Cycles

Make a local open-source AI chatbot with access to Fedora documentation

Introduce the Vouch/Denouncement Contribution Model by Mitchellh

Software Factories and the Agentic Moment

The Neuroscience Behind Nutrition for Developers and Founders

Bang bang he murdered math {the musical } (2024)

A Night Without the Nerds – Claude Opus 4.6, Field-Tested

Could ionospheric disturbances influence earthquakes?

SpaceX's next astronaut launch for NASA is officially on for Feb. 11 as FAA clea

Show HN: One-click AI employee with its own cloud desktop

Show HN: Poddley – Search podcasts by who's speaking

Same Surface, Different Weight

The Rise of Spec Driven Development

The first good Raspberry Pi Laptop

Seas to Rise Around the World – But Not in Greenland