Search Issue Tracker
Fixed in 2017.2.X
Votes
0
Found in
5.6.0f3
Issue ID
898030
Regression
No
[Android] Apps can be tapjacked
Android security issue:
All views (e.g. GLSurfaceView) in the UnityPlayerActivity should have .setFilterTouchesWhenObscured(true) set, otherwise an attacker application can invisibly record all touch input to the Unity application without the user knowing.
How to reproduce:
1. Open QA attached project
2. Build to device
3. Start android studio project and run it
4. In the built app press start (It will launch the unity project)
5. Click on the droids on the app
Expected result: The input is registered on top layer
Actual result: The touches pass through the android “Toast” window, and go to the unity app
Reproduced on: 5.4.5p1, 5.5.1f1, 5.5.3p1. 5.6.0f3. 2017.1.0b1
Reproduced with:
Google Galaxy Nexus, OS:4.3, CPU:armeabi-v7a, GPU:PowerVR SGX 540
Samsung S5 Neo SM G903F, OS:6.0.1, CPU:armeabi-v7a, GPU:Mali-T720
Google Nexus 5X*, OS:7.1.1, CPU:arm64-v8a, GPU:Adreno (TM) 418
Fixed in: 2017.2.0a1
Backported to: 5.4.5p3, 5.5.4p1, 5.6.1p2, 2017.1.0b6
Comments (2)
Add comment
All about bugs
View bugs we have successfully reproduced, and vote for the bugs you want to see fixed most urgently.
Latest issues
- “Remove Unused Overrides” available on not loaded Scene and throws “ArgumentException: The scene is not loaded” warning
- Adaptive Probe Volume occlusion edge is calculated incorrectly when viewing probes near geometry edges
- Sampling a texture using an HLSL file throws shader errors and the code does not compile
- "Graphics.CopyTexture called with null source texture" error when Base Camera of an Overlay Camera is removed with DX11 Graphics API and Compatibility Mode enabled
- WebGL sends wrong value with large numbers when SendMessage function is used
ashvendra
Jun 18, 2019 10:33
Here is an explanation on tapjacking https://blog.devknox.io/tapjacking-android-prevent/
It happened with me when I was trying to download this very old game Pocket Tanks from https://www.pockettanks.org I am not sure if the application that I download from their caused it or there were other miscellaneous apps in my phone.
This was probably due screen overlays that were created. I am now trying to reproduce the same issue on Note 4.