android security motionevent

Prevent partial Tapjacking - Android


I'm working to improve the security of an application and prevent Tapjacking. For this we have made use of:

filterTouchesWhenObscured = "true"

It seems that with this we have managed to protect the application against a situation in which the view was completely covered (FLAG_WINDOW_IS_OBSCURED) but not yet one in which it was partially covered (FLAG_WINDOW_IS_PARTIALLY_OBSCURED).

I really don't know how to handle this last situation. I have read here the meaning of the flag, but I can't find documentation about how to resolve the situation.

Has anyone faced this issue before, or does anyone know how to handle it?

Thanks


Solution

  • For those who have the same problem: in the end I simply checked the flag FLAG_WINDOW_IS_PARTIALLY_OBSCURED. To do so I extended the RelativeLayout class (you could do it with any view class) and overrode the method onFilterTouchEventForSecurity:

    @Override
    public boolean onFilterTouchEventForSecurity(MotionEvent event) {
        // Drop the event if the window is fully or partially covered by another window.
        if (((event.getFlags() & MotionEvent.FLAG_WINDOW_IS_OBSCURED) == MotionEvent.FLAG_WINDOW_IS_OBSCURED)
                || (event.getFlags() & MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED) == MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED){
            return false;
        }

        // Otherwise fall back to the default filterTouchesWhenObscured handling.
        return super.onFilterTouchEventForSecurity(event);
    }
    

    The flag FLAG_WINDOW_IS_PARTIALLY_OBSCURED will be reported as true even if the touch is made outside the partially covered area (as long as some part of the view is covered), so it's very useful for security checks.

    The bad part is that it's included in API 29, so you'll have to include that version in your app in order to use it.
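
The approach from the answer above as a complete drop-in container, written as an added example (not the answerer's code). The package, the class name `ObscuredTouchFilterLayout` and the `OnObscuredTouchListener` callback are hypothetical; the callback lets the app tell the user why a tap was ignored.

```java
package com.example.security; // hypothetical package name

import android.content.Context;
import android.util.AttributeSet;
import android.view.MotionEvent;
import android.widget.RelativeLayout;

/** Container that drops touches delivered while another window covers any part of it. */
public class ObscuredTouchFilterLayout extends RelativeLayout {

    /** Hypothetical callback so the app can explain why a tap was ignored. */
    public interface OnObscuredTouchListener {
        void onObscuredTouch(boolean fullyObscured);
    }

    // FLAG_WINDOW_IS_PARTIALLY_OBSCURED is an API 29 constant,
    // so the project must compile against SDK 29 or later.
    private static final int OBSCURED_MASK =
            MotionEvent.FLAG_WINDOW_IS_OBSCURED
                    | MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED;

    private OnObscuredTouchListener listener;

    public ObscuredTouchFilterLayout(Context context) {
        this(context, null);
    }

    public ObscuredTouchFilterLayout(Context context, AttributeSet attrs) {
        super(context, attrs);
        // Keep the framework's own filter for the fully covered case as well.
        setFilterTouchesWhenObscured(true);
    }

    public void setOnObscuredTouchListener(OnObscuredTouchListener l) {
        listener = l;
    }

    @Override
    public boolean onFilterTouchEventForSecurity(MotionEvent event) {
        int obscured = event.getFlags() & OBSCURED_MASK;
        if (obscured != 0) {
            // Report once per gesture (on ACTION_DOWN), then drop the event.
            if (listener != null && event.getActionMasked() == MotionEvent.ACTION_DOWN) {
                listener.onObscuredTouch(
                        (obscured & MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0);
            }
            return false; // false = event is discarded; child views never receive it
        }
        return super.onFilterTouchEventForSecurity(event);
    }
}
```

Use the class as the root of any layout that holds sensitive controls (login, payment confirmation, permission prompts) so that every child view is covered by the same filter.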