Hi Alessandro,

There are cases where the specific behaviour is considered as a feature. I guess this is the reason that Android doesn't not filter touches by default (although S is coming with groundbreaking changes in regards to the UI). Regarding chrome, as the attack applies mainly to dialogs, the clickjacking protection must be implemented by the web page it self. A rule of thumb (and as I mention in PART 3), is to apply this filter in 'sensitive' decision screens: banking transaction screens, permission screens, consent screens e.t.c.