
Elements of com.karacca.beetle.ui.EditScreenshotActivity are not protected against tapjacking. #235

Open
youndon opened this issue Jul 8, 2024 · 1 comment
Assignees

Comments


youndon commented Jul 8, 2024

No description provided.

@youndon youndon added this to Security Jul 8, 2024
@youndon youndon converted this from a draft issue Jul 8, 2024
@youndon youndon self-assigned this Jul 8, 2024

youndon commented Jul 8, 2024

Some elements of com.karacca.beetle.ui.EditScreenshotActivity are not protected against so-called tapjacking attacks.

Tapjacking is a technique that allows an attacker to capture the taps in your app (for example, on a virtual pin-pad), or trick users into making taps without their consent (for example, switching off an important security setting).

Tapjacking protection is especially important for security relevant parts of the app like pin or password entry.

Tapjacking example
The essence of the attack is that a malicious app places a window over your app.

  • If the attacker wants to capture user clicks, that window will be transparent. The overlay window gets an opportunity to learn about the taps made in your app without the device user being aware.
  • If the attacker wants to trick the user into clicking something in your app, the window will be opaque with fake controls lying exactly over the corresponding controls in your app.
For instance, as seen in the image to the left, placing transparent overlays over each button on a pin pad allows an attacker to capture users' pin codes.
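The mitigation the issue asks for, as an added Kotlin example that is not Beetle's own code: an Activity that turns on the framework's obscured-touch filter for every view and, as a second check, drops touch events whose flags say the window was covered when the tap arrived. The class name, `R.layout.activity_edit_screenshot` and the log tag are placeholders; Kotlin and AndroidX are assumed.

```kotlin
// Added example (not from the Beetle project): tapjacking hardening for an Activity.
import android.os.Build
import android.os.Bundle
import android.util.Log
import android.view.MotionEvent
import android.view.View
import android.view.ViewGroup
import androidx.appcompat.app.AppCompatActivity

class HardenedEditScreenshotActivity : AppCompatActivity() {

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        setContentView(R.layout.activity_edit_screenshot) // placeholder layout id

        // Ask the framework to discard touches delivered while another visible
        // window covers this one. Same effect as android:filterTouchesWhenObscured="true"
        // in the layout XML, applied here to the whole view tree so no control is missed.
        applyObscuredTouchFilter(findViewById(android.R.id.content))
    }

    private fun applyObscuredTouchFilter(view: View) {
        view.filterTouchesWhenObscured = true
        if (view is ViewGroup) {
            for (i in 0 until view.childCount) applyObscuredTouchFilter(view.getChildAt(i))
        }
    }

    // Second line of defence at the Activity level: inspect the event flags before any
    // view sees the touch, consume suspicious events and log them so the condition can
    // be spotted in crash/bug reports.
    override fun dispatchTouchEvent(ev: MotionEvent): Boolean {
        if (isObscured(ev)) {
            Log.w(TAG, "Dropped touch delivered while this window was obscured")
            return true // consumed: no view acts on it
        }
        return super.dispatchTouchEvent(ev)
    }

    private fun isObscured(ev: MotionEvent): Boolean {
        // FLAG_WINDOW_IS_OBSCURED: the touch passed through another visible window.
        val through = (ev.flags and MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0
        // From API 29 the framework also reports a window that is only partly covered.
        val partial = Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q &&
            (ev.flags and MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED) != 0
        return through || partial
    }

    companion object { private const val TAG = "TapjackingGuard" } // placeholder tag
}
```

The XML attribute alone covers the common case; the `dispatchTouchEvent` check adds the partial-overlay signal and a log line for detection.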

Labels
None yet
Projects
No open projects
Status: In Progress

1 participant