Overlay attack

ACuriousFellow

I was reading this article which talks about an overlay attack.

I wondered if graphene would be susceptible to this ?

https://zimperium.com/blog/from-lock-screen-to-wallets-btmob-rat-now-targets-alipay-pins

The overlay is stored within the application’s assets directory in an encrypted format. This tactic helps it avoid detection during static analysis. Once decrypted, the overlay can dynamically change its appearance to look like the normal lock screen configured on the device. This capability enables the malware to target all three authentication methods effectively

wizoatk

Yes, still susceptible if the user enables accessibility permission for the malware app when prompted.

https://grapheneos.org/usage#accessibility

Third party accessibility services can be installed and activated. This includes the ones made by Google. Most of these will work but some may have a hard dependency on functionality from Google Play services for some of their functionality or to run at all. Accessibility services are very powerful and we strongly recommend against using third party implementations if you can get by well without them. We plan to add safeguards in this area while still keeping them working without problematic barriers.