This Android application is a proof-of-concept demonstrating tapjacking techniques using full and partial screen overlays. It is intended for educational and research purposes only, helping Android developers and security researchers understand the risks associated with screen overlays.
Here you can read more about Tapjacking.
- Launch any activity via package name and activity class name, or browse installed apps directly.
- Trigger an app using a deep link URI.
- Display a full-screen overlay.
- Display a partial overlay that covers the entire screen except a user-defined area, leaving a target button exposed and clickable.
- Download the APK.
- Install it.
- Clone the repository:
  git clone https://github.com/frankheat/tapjacking-poc.git
- Open the project in Android Studio.
- Build and install the app on a device (minSdk 26 - Android 8.0+).
- Start Activity: Provide a target app's package and full activity class name, or use the Browse button to pick from the list of installed apps and their exported activities.
- Deep Link: Provide a URI to launch.
- Full: Launches a fullscreen semi-transparent overlay over the target app.
- Partial: Opens an interactive selection screen over the target app. Tap two corners to define the area to leave exposed, then confirm. Four opaque overlays are placed around the selected area, covering the rest of the screen while leaving the target button visible and clickable.
- SYSTEM_ALERT_WINDOW ("Draw over other apps"): required to display overlays. The app redirects to the system settings page if not yet granted.
- POST_NOTIFICATIONS (Android 13+): required to show the persistent notification with the Stop action for the partial overlay.
- QUERY_ALL_PACKAGES: required to browse the full list of installed apps.
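The partial overlay described above is the case the stock `filterTouchesWhenObscured` mitigation does not cover: when the overlay leaves the button itself exposed, the touch arrives with `FLAG_WINDOW_IS_PARTIALLY_OBSCURED` (API 29+) rather than `FLAG_WINDOW_IS_OBSCURED`, so it is not dropped. The following is an added example of how a target app can reject that case too; it is not code from this repository, and the class and package names are hypothetical.

```kotlin
import android.content.Context
import android.os.Build
import android.util.AttributeSet
import android.view.MotionEvent
import androidx.appcompat.widget.AppCompatButton

/**
 * Hypothetical button that refuses touches while any other window is drawn
 * over its host window, not only while the button itself is covered.
 * Equivalent XML for the baseline part: android:filterTouchesWhenObscured="true".
 */
class ObscureAwareButton @JvmOverloads constructor(
    context: Context,
    attrs: AttributeSet? = null
) : AppCompatButton(context, attrs) {

    init {
        // Baseline mitigation: the platform drops touches that carry
        // FLAG_WINDOW_IS_OBSCURED (touch passed through an obscuring window).
        filterTouchesWhenObscured = true
    }

    // Called by the framework before dispatchTouchEvent; returning false
    // discards the event without delivering it to click listeners.
    override fun onFilterTouchEventForSecurity(event: MotionEvent): Boolean {
        // Apply the stock FLAG_WINDOW_IS_OBSCURED check first.
        if (!super.onFilterTouchEventForSecurity(event)) return false

        // Since Android 10 a window that is only partly covered is reported
        // separately; rejecting it defeats the cut-out style overlay that
        // leaves this button exposed while hiding the surrounding context.
        val partiallyObscured = Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q &&
            (event.flags and MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED) != 0
        if (partiallyObscured) {
            // A real app would tell the user why the tap was ignored
            // (e.g. a toast or a blocking dialog) instead of dropping silently.
            return false
        }
        return true
    }
}
```

On Android 12+ the hosting activity can additionally call `window.setHideOverlayWindows(true)` (declaring `android.permission.HIDE_OVERLAY_WINDOWS`), which suppresses SYSTEM_ALERT_WINDOW overlays from other apps while that window is visible.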