Comment by grishka

20 hours ago

There is a permission to record the screen. It requires user consent and there's an icon in the status bar while it's being used. It's impossible to use this covertly.

What I believe the article is speaking about, is an app taking screenshots of its own windows. This is obviously possible and obviously requires no permissions whatsoever. Just make a screen-sized bitmap and do

    getWindow().getDecorView().draw(new Canvas(bitmap));

It does sound believable that third-party advertising/marketing/tracking SDKs, which many apps are chock full of, could be doing this.

7 comments

grishka

Reply
daveguy  20 hours ago

> It's impossible to use this covertly.

*Unless there's a zero-day that allows it.

  • grishka  20 hours ago

    If you're going to exploit a privilege escalation vulnerability from your app, why not just grab the most interesting parts of the /data partition while you're at it?

    • daveguy  9 hours ago

      Sure why not. I wasn't implying that a zero day that allows surreptitiously recording the phone screen is the only shitty thing that can be done with your phone with a zero day.

      Also, it is possible for a zero day to break specific privileges (like screen record without notification) rather than root.

  • simonw  20 hours ago

    Burning a zero-day like that for targeted advertising seems extremely unlikely to me.

    • daveguy  9 hours ago

      I think you missed the point GP was making. I believe they meant the vector might come from that kind of SDK. Not that someone who had a zero day to allow surreptitiously recording phone screens would use it for that purpose.