Tapjacking Protection

Tapjacking is a security problem that occurs when the app’s screen is completely or partially obscured by an overlay window. The overlay window can be created in a way that allows user to click through it the app below. This way the user can be tricked into clicking in an app while (s)he thinks (s)he’s clicking in a different app (the overlay window).

Malwarelytics for Android tries to prevent tapjacking by disabling click events when the app screen is at least partially obscured by another app’s window and at least one of the apps capable of creating such overlays is deemed “problematic”.

The sensitivity of tapjacking prevention can be defined in the SDK configuration.

Limitation of Tapjacking Protection

Limitations of Android APIs restrict an apps capabilities to uncover the culprit app that’s creating the overlay. Android APIs allow only to get the list of apps that are capable of doing so.

Troubleshooting for Users

When the protection is on the app is not going to react to user clicks unless at least one of these things happen:

  1. No app is actively creating an overlay window above other apps.
  2. All “problematic” apps capable of creating overlays are uninstalled.

The SDK tries to simplify potential troubleshooting process as much as possible. The app developer is provided with the list of “problematic” apps triggering the protection and means to easily navigate the user into the system settings to turn off overlays.

The SDK offers utility method that opens the system settings responsible for granting/removing system overlay permission for the installed apps. To open the settings call:


User of the device can then adjust the settings to make the app respond to clicks again.

Last updated on Nov 29, 2021 (10:21) View product


Malwarelytics for Android