Brief description: I have always thought that floating windows on Android are a bit risky. I tried it today. It really is a powerful tool for phishing. Previously it was touch hijacking.
Detailed description: The process is very simple.
1. Start a background service and monitor which process is currently running in the foreground.
((ActivityManager) getSystemService(Context.ACTIVITY_SERVICE)).getRunningTasks(1).get(0).topActivity.getPackageName() can be used to obtain the process at the top of the stack.
When you encounter "com.qq.android", wait a moment and pick a good time to bring up a floating window.
2. The floating window can be customized and controlled freely.
getSystemService(Context.WINDOW_SERVICE) obtains a window manager, and calling its addView adds a floating view.
The view can be customized through LayoutInflater. The effect is as follows (my UED skills are too poor :-( ). Floating windows can cover the entire screen and capture touch events.
Proof of vulnerability:
Solution:
The solution used in the past for tap hijacking, but there should be no such bug on the mobile phone.
Author: androidhacker
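An app-side hardening sketch for a sensitive screen, added here as an example and not part of the original report. LoginActivity and R.layout.activity_login are hypothetical names; the framework calls are standard Android APIs.

```java
import android.app.Activity;
import android.os.Build;
import android.os.Bundle;
import android.util.Log;
import android.view.MotionEvent;
import android.view.View;

// Hypothetical login screen that refuses input while another window is drawn over it.
public class LoginActivity extends Activity {
    private static final String TAG = "OverlayGuard";

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_login); // hypothetical layout resource

        // API 31+: hide non-system overlay windows while this window is visible.
        // Needs <uses-permission android:name="android.permission.HIDE_OVERLAY_WINDOWS"/>
        // in the manifest.
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S) {
            getWindow().setHideOverlayWindows(true);
        }

        // All releases: let the framework discard touches delivered to this
        // view tree while another visible window covers the touched location.
        View root = findViewById(android.R.id.content);
        root.setFilterTouchesWhenObscured(true);
    }

    @Override
    public boolean dispatchTouchEvent(MotionEvent ev) {
        int flags = ev.getFlags();
        boolean obscured = (flags & MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0;
        // The partial-obscured flag only exists from API 29 onward.
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) {
            obscured |= (flags & MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED) != 0;
        }
        if (obscured) {
            // Consume the event so no widget on this screen acts on it.
            Log.w(TAG, "Touch dropped: window is obscured by another window");
            return true;
        }
        return super.dispatchTouchEvent(ev);
    }
}
```

The touch filters only cover taps that pass through an overlay to this window. A full-screen overlay that captures input itself never delivers events here, so on releases before API 31 that case depends on the platform's own restrictions on overlay windows.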