Type: New Feature
Affects Version/s: None
Fix Version/s: Release 9.3.0
Need option to overcome the Tapjacking issue in android and IOS devices
Sprint:2020 Sprint 17, 2020 Sprint 18, 2020 Sprint 19
"Tapjacking" is an Android exploit where a malicious app can display a translucent system overlay on top of other apps with the intent of intercepting touches or to trick the end-user into tapping the overlay app instead of the intended app.
We need new properties/events to prevent and detect this.
- Add boolean property "filterTouchesWhenObscured" to all Ti.UI.View derived types. When set true, will prevent all touch/click related events that have passed through another app's overlay window.
- Add event "touchfiltered" to Ti.UI.Button to be fired if "filterTouchesWhenObscured" is set true and the touch event was filtered due to an overlay. This event is intended to display an alert dialog to the end-user explaining the reason why the action was blocked.
- Add boolean property "obscured" to all touch/click related events. Will be true if touch event passed through another app's overlay and "filterTouchesWhenObscured" is false. Allows app developer to do manual filtering.
The attached AppcOverlay.apk is an Android test app made by us to display a system overlay. We can use this to test the "obscure" touch event handling/filtering.
This was requested by customer K. Sakthivel. Please see attached conversation Chat - Motiur.docx with tech-support.