
New Android security flaw allows screen recording without direct user permission

Yet another Android exploit. (Source: Pixabay)
A security research firm has revealed an Android exploit which allows a rogue application to record all on-screen activity without the user's permission. This has been fixed in Android 8, but users on older versions are still vulnerable. Fortunately, the exploit works in a way which causes Android to create a notification in the status bar.

Cyber security firm MWR InfoSecurity has revealed the details of an Android bug which allows a rogue app to start screen recording without the user’s consent. The exploit was reported to Google back in January 2017 and is fixed in Android 8 Oreo, but Android 5 to 7.1 remain vulnerable.

The exploit uses the MediaProjection service, which allows developers to capture screen contents and record system audio without root access and has been part of the Android framework since version 5.0. A screen recording is started by creating a virtual display, in the same way that an Android device might cast to a Google Chromecast.

The intended behaviour is for a pop-up message to ask the user for permission to start casting or recording. The exploit instead draws an overlay on top of that permission pop-up, tricking the user into tapping a button which sits directly over the “allow” position on the original dialog.
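The trick described above is a form of tapjacking: a tap the user aims at an overlay is delivered to the window underneath. The system permission dialog itself can only be hardened by Google (which is what Android 8 did), but the same overlay technique works against any app's own consent screens, and Android has offered a defence for those since API 9. The following is an added example, not code from the article or from MWR InfoSecurity, showing how an app can refuse taps that arrive while another window is drawn over it; the class, button text and `grantConsent()` hook are hypothetical.

```java
// Added example (not from the article or MWR InfoSecurity): a consent button that
// refuses taps delivered while another window is drawn on top of it.
// Class name, button text and grantConsent() are hypothetical.
package com.example.tapjackingdemo;

import android.app.Activity;
import android.os.Build;
import android.os.Bundle;
import android.view.MotionEvent;
import android.widget.Button;
import android.widget.Toast;

public class ConsentActivity extends Activity {

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);

        Button allow = new Button(this);
        allow.setText("Allow screen capture");

        // Available since API 9: the framework discards touch events whose
        // FLAG_WINDOW_IS_OBSCURED bit is set, i.e. taps that arrived while a
        // window belonging to another app was covering this view.
        // The same effect is available in XML as android:filterTouchesWhenObscured="true".
        allow.setFilterTouchesWhenObscured(true);

        // Also inspect the flags ourselves so the user gets feedback and the
        // event can be logged for later investigation.
        allow.setOnTouchListener((view, event) -> {
            if (isObscured(event)) {
                Toast.makeText(this, "Blocked: another app is drawing over this screen",
                        Toast.LENGTH_SHORT).show();
                return true;  // consume the event; the click never reaches the button
            }
            return false;     // normal processing
        });

        allow.setOnClickListener(v -> grantConsent());
        setContentView(allow);
    }

    /** True if the touch was delivered while an overlay covered this window. */
    static boolean isObscured(MotionEvent event) {
        int flags = event.getFlags();
        if ((flags & MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0) {
            return true;
        }
        // API 29+: also reject overlays that cover only part of the window.
        return Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q
                && (flags & MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED) != 0;
    }

    private void grantConsent() {
        // Hypothetical: start the privileged action only after a trustworthy tap.
    }
}
```

`setFilterTouchesWhenObscured(true)` on its own is enough to drop the forged tap; the explicit `isObscured()` check is there so the app can tell the user why nothing happened and record the event. On Android 5 to 7.1 this protects only the app's own dialogs, which is why the article's advice for the system dialog remains upgrading to Android 8 or watching for the cast icon.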

The recommended solution is to upgrade to Android 8.0, something which all Android users know is easier said than done on most devices which aren’t on a manufacturer's upgrade list or don’t have good third-party ROM support. The latest statistics on Android version adoption show that 77.5 percent of devices are running one of the vulnerable versions of Android, from 5.0 to 7.1.

Fortunately for those who can’t upgrade, the attack is detectable with a little vigilance. Because this method relies on creating a virtual display using the MediaProjection service, it causes Android to show the screencast icon in the notification bar (the same one that you see when using a Chromecast). Therefore any sighting of this symbol when not using screencasting should be an immediate giveaway that something is amiss.

Example of the screencast notification. (Source: MWR InfoSecurity)

Craig Ward, 2017-11-18 (Update: 2017-11-18)