Tapjacking, Security Problem on Android

Inform us Engadget that has been discovered a vulnerability in Android that allows skipping the application permissions and perform unauthorized actions using a technique called Tapjacking. I.e., an application without permissions to do anything could send sms or access your personal data.

The idea is quite ingenious. It’s developing an application which, although it opaque to the user’s eyes, is transparent for keystrokes on-screen. If the application launches other applications that are underneath it, the user will be playing things on screen that does not see, and It could perform unwanted actions. The video explains it very well.

The truth is that it is pretty far-fetched but skips the main safety mechanism on Android, which are permissions that have the applications. The vulnerability It was reported to Google and it is corrected in Gingerbread 2.3, but it continues to exist for earlier versions.

That’s why to my personally scares me enough alternative Markets that promise have payment applications for free. Who tells us that they do not put something similar who steals us information? Or that lock us the phone and they ask for money to unlock it? This is a common practice in the PCs and the mobile market can be a target. At least Google deletes malicious applications from your Market.

By the way, although the vulnerabildad of Tapjacking has been found for Android, we should see if there also for other mobile operating systems, since it is quite ingenious and does not require large operating system failures.