A new tapjacking attack called TapTrap utilizes Android UI animations to bypass permission systems and manipulate users into dangerous actions. Despite updates, Android 15 and 16 remain vulnerable, prompting industry and security communities to seek mitigations. #TapTrap #AndroidVulnerability
Keypoints
- TapTrap exploits UI animations to create visual mismatches, deceiving users during sensitive operations.
- The attack can launch almost invisible activities that receive touch inputs, tricking users into granting permissions.
- Most examined apps in the Google Play Store are vulnerable since they have activities launched by other apps without proper transition controls.
- Android 16 and GrapheneOS are still susceptible, but fixes are planned for future updates.
- Google has acknowledged the vulnerability and stated that it will address the issue in upcoming Android updates.