5

I would like to be able to detect if my Activity has been obscured by, say, a system alert or some other overlay (for example the power menu when I long press on the power button), or some malware that detects the launch of my Activity. I noticed that the foreground app in this case would still be my app, so I can't simply base it on what the foreground app is. I also notice that onPause() isn't called when my Activity is obscured, so I can't put any logic in onPause() either. Even if I can though, I would then have to differentiate between a system alert/overlay and the user pressing the back/home button.

Are there any other ways for me to accomplish this?

user1118764
  • `onPause()` should be the place. It has to be called every time your activity goes into the background. Can you please recheck? – Abhishek Bansal Jul 04 '16 at 06:29
  • I think, you should add some boolean in onBackPressed or in HomePressEnabled condition. – Tushar Pandey Jul 04 '16 at 06:34
  • @abhishek-bansal I've already checked and confirmed it. onPause() isn't called when system alerts, such as the Power menu or volume control are overlaid on my Activity. – user1118764 Jul 04 '16 at 06:48
  • I am able to partially accomplish this by placing OnTouchListener to my UI elements as well as the root View. In this case, if the overlay relays touch events to my activity, AND the part of my Activity that was touched is obscured, then I'm able to detect that it's obscured and do something about it. However, it still doesn't guard against 2 cases: – user1118764 Jul 05 '16 at 03:51
  • 1. If the overlay doesn't relay touch events to my Activity. In this case the OnTouchListener won't be called. 2. If the area that was touched is not obscured by the overlay, in the case of a partial overlay. In this case, the OnTouchListener won't know that the Activity is partially obscured, it only knows that it's not. This still leaves me open to a peephole attack. – user1118764 Jul 05 '16 at 03:51
  • I've created a sample to show all ways to detect: stackoverflow.com/a/71719568/878126 – android developer Apr 02 '22 at 17:11

2 Answers

6

You can check if an Activity, Fragment or View is obscured.

For an Activity you need to override the dispatchTouchEvent method and check whether the event has the flag FLAG_WINDOW_IS_OBSCURED. Here is example code:

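```java
import android.app.Activity;
import android.view.MotionEvent;

public class OverlayTouchActivity extends Activity {
    // True if the most recent touch event carried FLAG_WINDOW_IS_OBSCURED.
    private boolean mObscuredTouch;

    public boolean isObscuredTouch() {
        return mObscuredTouch;
    }

    @Override
    public boolean dispatchTouchEvent(MotionEvent event) {
        // Record the obscured state before the event reaches any child view.
        mObscuredTouch = (event.getFlags() & MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0;
        return super.dispatchTouchEvent(event);
    }
}
```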

This is part of the Android code; please check OverlayTouchActivity.java. In order to check if a Fragment is obscured, execute the following piece of code in a Fragment that belongs to the OverlayTouchActivity activity:

```java
OverlayTouchActivity activity = (OverlayTouchActivity) getActivity();
if (activity.isObscuredTouch()) {
    // Fragment is obscured
}
```

Please see the AppPermissionsFragment.java fragment (search for OverlayTouchActivity).

For a View you should override the onFilterTouchEventForSecurity method. For more information please see the security section of the View documentation.

MikePtr
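The View-level check mentioned in the answer above, as an added example that is not part of the original answer or of the Android source. The class name `ObscuredAwareButton` and the `OnObscuredTouchListener` callback are hypothetical; `FLAG_WINDOW_IS_PARTIALLY_OBSCURED` requires API level 29, so it is checked only there.

```java
import android.content.Context;
import android.os.Build;
import android.util.AttributeSet;
import android.view.MotionEvent;
import android.widget.Button;

/** Hypothetical view: a button that drops touches delivered while another window covers its window. */
public class ObscuredAwareButton extends Button {

    /** Hypothetical callback so the hosting screen can react, e.g. by showing a warning. */
    public interface OnObscuredTouchListener {
        void onObscuredTouch(boolean partiallyObscured);
    }

    private OnObscuredTouchListener listener;

    public ObscuredAwareButton(Context context, AttributeSet attrs) {
        super(context, attrs);
        // Framework filter: discard touches flagged FLAG_WINDOW_IS_OBSCURED.
        setFilterTouchesWhenObscured(true);
    }

    public void setOnObscuredTouchListener(OnObscuredTouchListener l) {
        listener = l;
    }

    @Override
    public boolean onFilterTouchEventForSecurity(MotionEvent event) {
        int flags = event.getFlags();
        boolean obscured = (flags & MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0;
        boolean partial = false;
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) {
            // Set when an overlay covers the window but not the touched location.
            partial = (flags & MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED) != 0;
        }
        if (obscured || partial) {
            // Notify once per gesture, on the initial ACTION_DOWN.
            if (listener != null && event.getActionMasked() == MotionEvent.ACTION_DOWN) {
                listener.onObscuredTouch(!obscured);
            }
            return false; // false tells the framework to drop the event
        }
        return super.onFilterTouchEventForSecurity(event);
    }
}
```

Like the Activity-level check, this only runs when a touch event actually reaches the view, so an overlay that does not relay touches is not detected by it.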
0

You can use the PackageManager to query which of the installed packages have suspect permissions like SYSTEM_ALERT_WINDOW, BIND_ACCESSIBILITY_SERVICE or BIND_DEVICE_ADMIN.

william gouvea
  • Why would BIND_DEVICE_ADMIN matter? Can admin apps show stuff on top? If so, how? And about BIND_ACCESSIBILITY_SERVICE, can all apps that have it show stuff on top, or is there a more precise query? – android developer Apr 01 '22 at 09:24
  • Actually in the past, when you had some app sideloaded in the OS image, it was possible for it to have more permissions at runtime than others and thus be able to overlay over admin apps, but this has been mitigated starting with Android Nougat and later. – william gouvea Apr 06 '22 at 17:23
  • I don't understand how it's an answer to what I asked... – android developer Apr 06 '22 at 22:50