Member-only story
1. Reason
The permission was introduced in Android 6.0 and it can allow an app to be displayed on top of another app, obscuring the lower-level app. In order to use the SYSTEM_ALERT_WINDOW permission, an app has to have explicit, manual approval from the user. The permission is quite powerful and many forms of Android malware and ransomware are known to abuse it in one way or another.
“The reason SYSTEM_ALERT_WINDOW is unique is the extensive capability it withholds, by enabling an app to display over any other app without notifying the user. This entails a significant potential for several malicious techniques, such as displaying fraudulent ads, phishing scams, click-jacking, and overlay windows, which are common with banking Trojans. It can also be used by ransomware to create a persistent on-top screen that will prevent non-technical users from accessing their devices,”
2. Permission SYSTEM_ALERT_WINDOW is granted on Android Lollipop?
- in MIUI use
public static boolean isMiuiFloatWindowOpAllowed(@NonNull Context context) {
final int version = Build.VERSION.SDK_INT;
if (version >= 19) {
return checkOp(context, OP_SYSTEM_ALERT_WINDOW); //See AppOpsManager.OP_SYSTEM_ALERT_WINDOW=24 /*@hide/
} else {
return (context.getApplicationInfo().flags & 1<<27) == 1;
}
}
public static boolean checkOp(Context context, int op, String packageName, int uid) {
final int version =…
