Comment by pabs3
3 months ago
> When the user logs into their real banking app, the malware captures their two-factor authentication codes
That seems like a severe security bug in Android APIs or sandboxing or something else.
> bad actors can spin up new harmful apps instantly
Why are harmful apps possible at all?
> That seems like a severe security bug in Android APIs or sandboxing or something else.
No, this is the permissioned API that makes KDE Connect work, which makes Apple's Continuity look like a toy and that also lets me programmatically filter notifications.
As soon as a platform gives control to the fullscreen, harmful apps are possible.
See for example Apple detecting if a user is typing on a keyboard while in a fullscreen website, and then blocking the website. Yes it's as crazy as it's sounds.
It's a permission the app can have. Android asks the user whether to allow it when you launch the app. It's a very useful permission for some apps that I use. But a scammer can just tell the user to accept the permission.