Comment by diggernet
1 day ago
> "Apps were automatically taking screenshots of themselves and sending them to third parties. In one case, the app took video of the screen activity and sent that information to a third party."
> Out of over 17,000 Android apps examined, more than 9,000 had potential permissions to take screenshots. And a number of apps were found to actively be doing so, taking screenshots and sending them to third-party sources.
Which permission is that, and how do you detect which apps are doing that and stop them?
There is a permission to record the screen. It requires user consent and there's an icon in the status bar while it's being used. It's impossible to use this covertly.
What I believe the article is speaking about, is an app taking screenshots of its own windows. This is obviously possible and obviously requires no permissions whatsoever. Just make a screen-sized bitmap and do
It does sound believable that third-party advertising/marketing/tracking SDKs, which many apps are chock full of, could be doing this.
> It's impossible to use this covertly.
*Unless there's a zero-day that allows it.
If you're going to exploit a privilege escalation vulnerability from your app, why not just grab the most interesting parts of the /data partition while you're at it?
Burning a zero-day like that for targeted advertising seems extremely unlikely to me.
I followed the links to the study they referenced, and it says:
> Unlike the camera and audio APIs, the APIs for taking screenshots and recording video of the screen are not protected by any permission
However they also talk about doing static analysis on 9,100 out of the 17,260 apps, to determine (amongst other things) “whether media APIs are actually referenced in the app’s code”.
They then talk about doing a dynamic analysis to see which apps actually call the APIs (rather than just link to a library that might call it, but the app never calls that function in the library).
The soundbite is bad; it shouldn’t say “had potential permissions to take screenshots”, it should just say “had the potential to take screenshots”.
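An added example, not part of the thread or the study: a static check of the kind described in the comment above, scanning smali disassembly for call sites of screen-capture APIs and labelling each as app code or third-party code. The API list, package names and sample classes are assumptions made for illustration.

```python
import re

# Framework methods that can capture the app's own window or the screen,
# as smali descriptors. Illustrative list chosen for this example.
CAPTURE_APIS = {
    "Landroid/view/View;->getDrawingCache": "own window, no permission",
    "Landroid/view/PixelCopy;->request": "own window, no permission",
    "Landroid/media/projection/MediaProjectionManager;->createScreenCaptureIntent":
        "whole screen, user consent prompt",
}
CLASS = re.compile(r"^\.class .*?(L[^;]+;)\s*$")
METHOD = re.compile(r"^\.method .*?([\w$<>]+)\(")
INVOKE = re.compile(r"^\s*invoke-\S+ \{[^}]*\}, (L[^;]+;->[\w$<>]+)")

def find_capture_refs(smali_text, app_package):
    """Return (origin, class, method, api, kind) for every call site found.

    A hit means the API is referenced in code; only dynamic analysis shows
    whether that code path ever runs.
    """
    app_prefix = "L" + app_package.replace(".", "/") + "/"
    cls, method, hits = "", "", []
    for line in smali_text.splitlines():
        if m := CLASS.match(line):
            cls = m.group(1)
        elif m := METHOD.match(line):
            method = m.group(1)
        elif (m := INVOKE.match(line)) and m.group(1) in CAPTURE_APIS:
            origin = "app" if cls.startswith(app_prefix) else "third-party"
            hits.append((origin, cls, method, m.group(1), CAPTURE_APIS[m.group(1)]))
    return hits

# Constructed sample: two disassembled classes from a hypothetical APK.
SAMPLE = """\
.class public Lcom/example/app/ShareActivity;
.method public startShare()V
    invoke-virtual {v0}, Landroid/media/projection/MediaProjectionManager;->createScreenCaptureIntent()Landroid/content/Intent;
.end method
.class public Lcom/vendor/analytics/SessionRecorder;
.method private grab(Landroid/view/View;)V
    invoke-virtual {p1}, Landroid/view/View;->getDrawingCache()Landroid/graphics/Bitmap;
    invoke-virtual {p1}, Landroid/view/View;->getWidth()I
.end method
"""

if __name__ == "__main__":
    for hit in find_capture_refs(SAMPLE, "com.example.app"):
        print(*hit, sep=" | ")
```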
I doubt there's a specific "ability to send surreptitious screen shots to developer" permission. It must be a combination of permissions: one for making network connections, another for capturing the screen without making it obvious to the user, etc.
For apps that want to send their own screens to third parties, there's no permission needed or possible. The app is drawing the content to the screen. It knows what the content is.
If you're trying to track user information (notifications, actual timezone/language, battery level, VPN usage, etc.) you can use screenshots of the current screen and open keyboard. You can also see stuff from other apps if the user is using split screen modes or has chat bubbles open. Apps can otherwise only access the data they render.
The research talks about thousands of apps but I do wonder how many of these are apps people use every day and how many are Chinese clones of freemium games and other shitware with a fraction of daily users. All we know from public app store data is the number of "downloads" and even that is distributed as a range. I doubt these 19000 apps were found by doing a survey on what people actually had on their phones.
When it's a developer tool we call it RUM or real user monitoring. It's super useful for solving bugs, but obviously the potential for abuse or user hostile activity is super high.
... and is this permission to take screenshots of anything else you are doing on your phone at any time, or is it permission to take screenshots while you have that app open?