Gingerbread Features Measures to Prevent Touch-Event Highjacking


lookoutlogoLookout Mobile Security was recently in the news when their application for Android was able to locate a stolen car after it was highjacked from its owner, but that isn’t the only sort of highjacking they are concerned with. During the course of developing their own mobile application and after observing common tactics used by malicious Android programs, they forwarded a huge piece of advice to the Android team, and Google’s crew responded accordingly.

Up until Android 2.3, the OS was vulnerable to touch-event highjacking. This was accomplished when a false UI was placed over an applications true interface to trick users into clicking on ads, make purchases, install malicious apps, wipe phone data, or grant unwanted permissions. An example would be an application that on the surface may look like, say, a game where the user taps a “Start” button, while in reality that is a false layer overtop of a checkbox altering system settings.

In Android 2.3, the team at Google has implemented certain functions that will prevent apps from being vulnerable to touch-event highjacking. This is accomplished by allowing a layer to be interacted with only when it is the topmost visible layer. Developers will still need to take steps to protect their applications and users, but it isn’t much more than a few lines of code. Good on Lookout for, well, looking out for all Android users, not just those using their mobile apps. For more tech-y details and some of the developer nitty gritty, see the source link below.

[via Lookout]

Kevin Krause
Pretty soon you'll know a lot about Kevin because his biography will actually be filled in!

Ekahau Launches Android App for IT Gurus, $299 Price Tag is Not for the Faint of Heart

Previous article

Have You Seen Samsung’s Turkish Android Market?

Next article

You may also like


  1. Very interesting. Thanks!

    I think I will head to the market and go buy their app.

  2. Wow, all those apps I installed, and I never even thought about a vulnerability like that. o__o

    Good to see Google has our backs …

  3. Those guys know what they are doing. I trust and use their apps

  4. Hmm, I had heard about that theft, but this whole ‘tap-jacking’ thing is new to me. Thanks for the info phandroid.

Leave a reply

Your email address will not be published. Required fields are marked *

More in Apps