Alarming TapTrap Attack Employs An Invisible UI Trick To Bypass Android Security

A group of security researchers has developed an alarming tapjacking attack called TapTrap, which allows zero-permission apps to carry out actions that are not displayed on the screen. With TapTrap, an app can escape Android's security safeguards and eventually access sensitive data, or even do dangerous (and annoying) things like wiping your phone.

Here's how it works. Android uses transition animations to visually show how you move from one app to another. When you switch from App A to App B, the system plays a closing animation for App A and an opening animation for App B. TapTrap leverages this animation method such that App A can open App B, but you won't know because the screen still displays App A. Additionally, whatever you tap on App A will reflect in App B.

According to the developers, this was made possible using an animation that renders the ...