Android’s new attack deceives you to give dangerous permits

A team of academic researchers has discovered a new Android security exploitation that raises many questions about the platform permits system. The technique, called APTRAP, uses user interface animations to visually deceive it to grant confidential permits or perform harmful actions. Unlike the previous tapjacking attacks, Android Attack operates at the beginning of the transparent system on regular applications interfaces. The result is an almost invisible layer that silently captures its taps and interactions.

Register for my free Cyberguy report
Get my best technological tips, urgent security alerts and exclusive offers delivered directly to your inbox. In addition, you will get instant access to my definitive scam survival guide, free when it joins me Cyberguy.com/newsletter

The new Google AI makes the most intelligent robots without the cloud

How the exploitation of Android of Acttrap deceives him to grant permits

As reported by Bleeping Computer, APTRAP takes advantage of how Android handles activity transitions between applications. A malicious application can start a system level screen using the standard start activity function, but modify how the screen appears using a personalized animation. By establishing the opacity of start and completion at a very low value, such as 0.01, the activity becomes almost invisible to the user.

The touch entry is still completely registered by the transparent screen, although users only see the visible application underneath. Attackers can also apply a scale animation that expands a specific user interface element, such as a permit button, to fill the screen. This increases the possibility that a user touch without knowing the button.

What is artificial intelligence (AI)?

The researchers published a video that shows how this technique could be used in a game application to silently launch a Chrome browser permit message. The notice requests access to the camera, and the user takes advantage of “allows” without realizing what he has done. Because the malicious screen is transparent, there are no visual signs that suggest that something suspicious happens.

Why 76% of Android applications are vulnerable to APTRAP

To evaluate how extended vulnerability could be, the researchers tested almost 100,000 Play Store applications. It was discovered that approximately 76% are potentially vulnerable, not because they are malicious, but because they lack key safeguards. These applications had at least one screen that could be released by another application, share the same task stack, could not cancel the predetermined transition animation and did not blocked the user’s entry during the transition.

Android enables these default animations. Users can only disable them through the configuration that are generally hidden, such as developer options or accessibility menus. Even the latest version of Android, tested on a Google Pixel 8A, remains unprotected with this exploit.

Grapheneos, an operating system focused on Android -based security, confirmed that its current version is also affected. However, he plans to launch a solution in his next update.

Get the News business on the fly by clicking here

Google has recognized the problem and said that a future Android update will contain a mitigation. Although no exact timeline has been announced, Google is expected to change how entrances and animations are handled to avoid the invisible interception of TAP.

The company added that developers must follow Play Store’s strict policies and that any application found that abuses this vulnerability will face compliance actions.

4 ways in which it can be kept safe from the APTRAP attack

1) Consider a mobile security application: Use a trustworthy antivirus or a mobile confidence security application that can detect suspicious behavior or alert it to applications using overquakers or accessibility functions incorrectly.

Get my elections for the best 2025 antivirus protection winners for their Windows, Mac, Android and iOS devices in Cyberguy.com/Lockupyoutech

2) Be selective about the applications you install: Avoid installing applications just because they are in trend or have striking ads. Verify the developer’s credibility, recent reviews and application permissions before downloading.

3) Stay in the Google Play store: While it is not perfect, the Play store has better safeguards than random APK sources. Avoid installing applications in third -party stores or unknown websites.

4) Pause before granting permits: If an application suddenly requests access to your camera, microphone or other sensitive characteristics, take a moment. Always ask if this application really needs this permission at this time.

Kurt key takeway

APTRAP shows that security threats do not always come from complex code or aggressive malware. Sometimes, small supervisions in visual behavior can open paths for severe abuse. In this case, the danger lies in what users do not see. People trust what they can see on their screens. This attack breaks that link by creating a visual mismatch between intention and the result.

Click here to get the News application

Do you trust the applications that installs from Play Store or deeper cavas before downloading? Get us knowing in Cyberguy.com/contact

Register for my free Cyberguy report
Get my best technological tips, urgent security alerts and exclusive offers delivered directly to your inbox. In addition, you will get instant access to my definitive scam survival guide, free when it joins me Cyberguy.com/newsletter

Copyright 2025 Cyberguy.com. All rights reserved.