mobsf.mobsfscan.best_practices.tapjacking.android_detect_tapjacking

MobSF

Author

unknown

Download Count*

License

This app does not have capabilities to prevent tapjacking attacks. An attacker can hijack the user's taps and tricks him into performing some critical operations that he did not intend to.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit Rule View Source

Open in Playground

rules:
  - id: android_detect_tapjacking
    patterns:
      - pattern-either:
          - pattern: |
              $F.setFilterTouchesWhenObscured(true);
    message: This app does not have capabilities to prevent tapjacking attacks. An
      attacker can hijack the user's taps and tricks him into performing some
      critical operations that he did not intend to.
    languages:
      - java
    severity: INFO
    metadata:
      cwe: cwe-200
      owasp-mobile: m1
      masvs: platform-9
      reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-for-overlay-attacks-mstg-platform-9
      license: LGPL-3.0-or-later

Short Link: https://sg.run/rqjn