Comment by autoexec
7 months ago
> That the app does not require permissions is the notable bit here.
The article mentions that "the attacker renders something transparent in front of the target app". I would have thought that sort of thing would require the "appear on top" permission.
This sounds like a trick I read about years ago. Disappointing if it hasn’t been fixed.