Comment by diggernet

Comment by diggernet 14 hours ago

12 replies

View on Hacker News

> "Apps were automatically taking screenshots of themselves and sending them to third parties. In one case, the app took video of the screen activity and sent that information to a third party.”

> Out of over 17,000 Android apps examined, more than 9,000 had potential permissions to take screenshots. And a number of apps were found to actively be doing so, taking screenshots and sending them to third-party sources.

Which permission is that, and how do you detect which apps are doing that and stop them?

grishka 13 hours ago

There is a permission to record the screen. It requires user consent and there's an icon in the status bar while it's being used. It's impossible to use this covertly.

What I believe the article is speaking about, is an app taking screenshots of its own windows. This is obviously possible and obviously requires no permissions whatsoever. Just make a screen-sized bitmap and do

    getWindow().getDecorView().draw(new Canvas(bitmap));
It does sound believable that third-party advertising/marketing/tracking SDKs, which many apps are chock full of, could be doing this.
Reply View 6 replies
  • daveguy 13 hours ago

    > It's impossible to use this covertly.

    *Unless there's a zero-day that allows it.

    Reply View 5 replies
    • grishka 13 hours ago

      If you're going to exploit a privilege escalation vulnerability from your app, why not just grab the most interesting parts of the /data partition while you're at it?

      Reply View 1 reply
      • daveguy 2 hours ago

        Sure why not. I wasn't implying that a zero day that allows surreptitiously recording the phone screen is the only shitty thing that can be done with your phone with a zero day.

        Also, it is possible for a zero day to break specific privileges (like screen record without notification) rather than root.

        Reply View 0 replies
    • simonw 12 hours ago

      Burning a zero-day like that for targeted advertising seems extremely unlikely to me.

      Reply View 2 replies
      • [removed] 2 hours ago
        [deleted]
        Reply View 0 replies
      • daveguy 2 hours ago

        I think you missed the point GP was making. I believe they meant the vector might come from that kind of SDK. Not that someone who had a zero day to allow surreptitiously recording phone screens would use it for that purpose.

        Reply View 0 replies
quicklime 13 hours ago

I followed the links to the study they referenced, and it says:

> Unlike the camera and audio APIs, the APIs for taking screenshots and recording video of the screen are not protected by any permission

However they also talk about doing static analysis on 9,100 out of the 17,260 apps, to determine (amongst other things) “whether media APIs are actually referenced in the app’s code”.

They then talk about doing a dynamic analysis to see which apps actually call the APIs (rather than just link to a library that might call it, but the app never calls that function the library).

The soundbite is bad, it shouldn’t say “had potential permissions to take screenshots”, it should just say “had the potential to take screenshots”

Reply View 0 replies
maxlybbert 13 hours ago

I doubt there's a specific "ability to send surreptitious screen shots to developer" permission. It must be a combination of permissions: one for making network connections, another for capturing the screen without making it obvious to the user, etc.

Reply View 1 reply
  • fzzzy 2 hours ago

    For apps that want to send their own screens to third parties, there's no permission needed or possible. The app is drawing the content to the screen. It knows what the content is.

    Reply View 0 replies
ch4s3 13 hours ago

When it's a developer tool we call it RUM or real user monitoring. It's super useful for solving bugs, but obviously the potential for abuse or user hostile activity is super high.

Reply View 0 replies
simonw 13 hours ago

... and is this permission to take screenshots of anything else you are doing on your phone at any time, or is it permission to take screenshots while you have that app open?

Reply View 0 replies