How to detect when my Activity has been obscured?

2

7

I would like to be able to detect if my Activity has been obscured by, say, a system alert or some other overlay (for example the power menu when I long press on the power button), or some malware that detects the launch of my Activity. I noticed that the foreground app in this case would still be my app, so I can't simply base it on what the foreground app is. I also notice that onPause() isn't called when my Activity is obscured, so I can't put any logic in onPause() either. Even if I can though, I would then have to differentiate between a system alert/overlay and the user pressing the back/home button.

Are there any other ways for me to accomplish this?

Plumlee answered 4/7, 2016 at 6:27 Comment(6)
onPause() should be the place. It has to be called every time your activity goes into the background. Can you please recheck? - Reimers
I think you should add some boolean in onBackPressed or in the HomePressEnabled condition. - Countercheck
@abhishek-bansal I've already checked and confirmed it. onPause() isn't called when system alerts, such as the Power menu or volume control, are overlaid on my Activity. - Plumlee
I am able to partially accomplish this by placing OnTouchListener to my UI elements as well as the root View. In this case, if the overlay relays touch events to my activity, AND the part of my Activity that was touched is obscured, then I'm able to detect that it's obscured and do something about it. However, it still doesn't guard against 2 cases: - Plumlee
1. If the overlay doesn't relay touch events to my Activity. In this case the OnTouchListener won't be called. 2. If the area that was touched is not obscured by the overlay, in the case of a partial overlay. In this case, the OnTouchListener won't know that the Activity is partially obscured, it only knows that it's not. This still leaves me open to a peephole attack. - Plumlee
I've created a sample to show all ways to detect: https://mcmap.net/q/537454/-how-do-apps-detect-that-saw-permission-is-currently-being-used - Anklet
8

You can check whether an Activity, Fragment or View is obscured.

For an Activity, you need to override the dispatchTouchEvent method and check whether the event has the flag FLAG_WINDOW_IS_OBSCURED. Here is example code:

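import android.app.Activity;
import android.view.MotionEvent;

public class OverlayTouchActivity extends Activity {
    // True if the most recent touch event arrived while the window was obscured
    private boolean mObscuredTouch;

    public boolean isObscuredTouch() {
        return mObscuredTouch;
    }

    @Override
    public boolean dispatchTouchEvent(MotionEvent event) {
        // The system sets this flag when another visible window covers the touched location
        mObscuredTouch = (event.getFlags() & MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0;
        return super.dispatchTouchEvent(event);
    }
}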

This is part of the Android code; please check OverlayTouchActivity.java. To check whether a Fragment is obscured, execute the following piece of code in a Fragment that belongs to the OverlayTouchActivity activity:

OverlayTouchActivity activity = (OverlayTouchActivity) getActivity();
if (activity.isObscuredTouch()) {
    // Fragment is obscured
}

Please see the AppPermissionsFragment.java fragment (search for OverlayTouchActivity).

For a View, you should override the onFilterTouchEventForSecurity method. For more information, please see the security section of the View documentation.

Devoir answered 13/3, 2017 at 12:3 Comment(0)
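
Added example, not part of the answer above or of the Android source it cites: the View-level variant the answer mentions, written as a button that drops touches delivered while its window is obscured. The class name ObscuredAwareButton and its listener interface are hypothetical; the FLAG_WINDOW_IS_PARTIALLY_OBSCURED check (available from API 29) also covers the partial-overlay case raised in the question's comments, but only when a touch actually reaches the app.

```java
import android.content.Context;
import android.os.Build;
import android.util.AttributeSet;
import android.view.MotionEvent;
import android.widget.Button;

/** Hypothetical example view: refuses touches that arrive while another window covers this one. */
public class ObscuredAwareButton extends Button {

    /** Hypothetical callback so the hosting screen can warn the user or hide sensitive data. */
    public interface OnObscuredTouchListener {
        void onObscuredTouch(boolean onlyPartiallyObscured);
    }

    private OnObscuredTouchListener mListener;

    public ObscuredAwareButton(Context context, AttributeSet attrs) {
        super(context, attrs);
        // Built-in filter: the framework drops touches flagged FLAG_WINDOW_IS_OBSCURED.
        setFilterTouchesWhenObscured(true);
    }

    public void setOnObscuredTouchListener(OnObscuredTouchListener listener) {
        mListener = listener;
    }

    @Override
    public boolean onFilterTouchEventForSecurity(MotionEvent event) {
        int flags = event.getFlags();
        // Set when a visible window covers the exact location that was touched.
        boolean obscured = (flags & MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0;
        // API 29+: set when a visible window covers any part of this window,
        // even if the touch itself landed on an uncovered area.
        boolean partial = Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q
                && (flags & MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED) != 0;

        if (obscured || partial) {
            // Report once per gesture, on the initial ACTION_DOWN.
            if (mListener != null && event.getActionMasked() == MotionEvent.ACTION_DOWN) {
                mListener.onObscuredTouch(!obscured);
            }
            return false; // false = drop the event, so the click never fires
        }
        return super.onFilterTouchEventForSecurity(event);
    }
}
```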
0

You can use the PackageManager to query which of the installed packages have suspect permissions like SYSTEM_ALERT_WINDOW, BIND_ACCESSIBILITY_SERVICE or BIND_DEVICE_ADMIN.

Alphaalphabet answered 13/7, 2016 at 3:11 Comment(3)
Why would BIND_DEVICE_ADMIN matter? Can admin apps show stuff on top? If so, how? And about BIND_ACCESSIBILITY_SERVICE, can all apps that have it show stuff on top, or is there a more precise query? - Anklet
Actually, in the past, when you had some app sideloaded in the OS image, it was possible that it had more permissions at runtime than others and was thus able to overlay over admin apps, but this has been mitigated starting with Android Nougat and later. - Alphaalphabet
I don't understand how it's an answer to what I asked... - Anklet
