TapJacking Attacks, a thorough guide

PART 1

Introduction

An underestimated permission

Free Floating Windows (FFW)

Implementing a Floating Button

<uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
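import android.graphics.PixelFormat;
import android.view.WindowManager;
import android.widget.Button;
// The statements below run inside an Activity or Service, with the permission above declared in the manifest.
Button floatingButton = new Button(getApplicationContext());
int width = 400;   // FFW width in pixels
int height = 400;  // FFW height in pixels
WindowManager windowManager = (WindowManager) getSystemService(WINDOW_SERVICE);
WindowManager.LayoutParams params = new WindowManager.LayoutParams(
        width, height,
        WindowManager.LayoutParams.TYPE_APPLICATION_OVERLAY,  // overlay window type (API 26+)
        // FLAG_NOT_TOUCHABLE: the overlay receives no touch events, so they reach the window beneath it
        WindowManager.LayoutParams.FLAG_NOT_TOUCHABLE | WindowManager.LayoutParams.FLAG_NOT_FOCUSABLE,
        PixelFormat.TRANSPARENT);
windowManager.addView(floatingButton, params);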

Security Researcher, former Camel Rider, developer of https://github.com/Ch0pin/medusa