“Cloak and dagger” for Android

Experts at the Georgia Institute of Technology discovered a dangerous vulnerability, which threatens all versions of Android OS, including the latest – 7.1.2. They discovered that any app that gets access to functions SYSTEM_ALERT_WINDOW (“draw on top) and BIND_ACCESSIBILITY_SERVICE (“a11y”) is capable of stealing confidential user information. Moreover, applications downloaded from the Play Store get access to these functions by default. Therefore, if criminals manage to create a malicious app that uses these functions and put it up on Google’s Play, users won’t get a chance to protect themselves from the threat.

Researchers have already notified Google about this vulnerability, which has been dubbed “Cloak and dagger”. Google representatives said that they thank scientists for their assistance and work together with them on how to solve the problem.