Comment by grishka
14 hours ago
There is a permission to record the screen. It requires user consent and there's an icon in the status bar while it's being used. It's impossible to use this covertly.
What I believe the article is speaking about, is an app taking screenshots of its own windows. This is obviously possible and obviously requires no permissions whatsoever. Just make a screen-sized bitmap and do
getWindow().getDecorView().draw(new Canvas(bitmap));
It does sound believable that third-party advertising/marketing/tracking SDKs, which many apps are chock full of, could be doing this.
> It's impossible to use this covertly.
*Unless there's a zero-day that allows it.
If you're going to exploit a privilege escalation vulnerability from your app, why not just grab the most interesting parts of the /data partition while you're at it?
Sure why not. I wasn't implying that a zero day that allows surreptitiously recording the phone screen is the only shitty thing that can be done with your phone with a zero day.
Also, it is possible for a zero day to break specific privileges (like screen record without notification) rather than root.
Burning a zero-day like that for targeted advertising seems extremely unlikely to me.
I think you missed the point GP was making. I believe they meant the vector might come from that kind of SDK. Not that someone who had a zero day to allow surreptitiously recording phone screens would use it for that purpose.