ToastOverlay is a vulnerability in the Android overlay system (windows that are displayed on top of other objects). It allows cybercriminals to create screen objects that are displayed on top of other interface elements of the operating system and of applications. The vulnerability affects all devices running Android versions starting from 4.3 and up to 8.0. Normally, to draw any visual form on top of other windows, an application must request the corresponding permission from the OS. ToastOverlay, however, allows an application to do so without any additional request. In theory, cybercriminals can use ToastOverlay to display phishing windows, disrupt stable device operation, trick a user into granting them administrator privileges, or perform other potentially dangerous actions.

If Dr.Web for Android has detected this vulnerability, it is strongly recommended that you contact the device manufacturer to obtain the necessary operating system updates.

Technical details

The ToastOverlay vulnerability allows an application to create screen objects on top of other interface elements even if the application is installed from a source other than Google Play and holds only one permission: BIND_ACCESSIBILITY_SERVICE. Android uses windows of the TYPE_TOAST type, one of the standard overlay types, to display short messages on top of other windows. ToastOverlay allows a TYPE_TOAST window to be displayed on top of other interface elements without the SYSTEM_ALERT_WINDOW request that normally has to be sent to the operating system and processed there. As a result, cybercriminals can display a TYPE_TOAST window on a vulnerable device without any additional privileges and track screen taps. The vulnerability stems from a missing permission check in an Android AOSP component. Normally, a permission check and an operation check are performed before screen objects are displayed on top of other interface elements. For TYPE_TOAST windows, however, these checks are skipped and the request is processed automatically. Because of this, an application that uses the vulnerability gains full control over the TYPE_TOAST window. A correct check of the access permissions was implemented only in Android 8.0. The following Android versions are subject to this vulnerability: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2.
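An added triage helper (not Dr.Web's code) for a device attached over adb: it checks the reported Android release against the versions listed above as affected and prints the enabled accessibility services for review, since an app abusing ToastOverlay needs only BIND_ACCESSIBILITY_SERVICE. It assumes adb is on PATH and a single device is reachable.

```shell
#!/bin/sh
# Added example: device triage for ToastOverlay exposure (not Dr.Web's code).
# Assumes adb is on PATH and a single device is attached.

# Android releases this page lists as subject to ToastOverlay.
AFFECTED_RELEASES="4.4.4 5.0.2 5.1.1 6.0 6.0.1 7.0 7.1.1 7.1.2"

# is_affected_release RELEASE: exit status 0 if RELEASE is in the list above.
is_affected_release() {
    for v in $AFFECTED_RELEASES; do
        [ "$1" = "$v" ] && return 0
    done
    return 1
}

# enabled_services VALUE: print one enabled accessibility service per line.
# VALUE is the colon-separated string Android stores in the secure setting
# enabled_accessibility_services, e.g. "com.a/.Svc:com.b/.Svc" ("null" if unset).
enabled_services() {
    printf '%s\n' "$1" | tr ':' '\n' | sed '/^$/d; /^null$/d'
}

# count_enabled_services VALUE: print how many services VALUE contains.
count_enabled_services() {
    enabled_services "$1" | wc -l | tr -d ' '
}

# Query the attached device and print the report; adb output is CRLF-terminated,
# so carriage returns are stripped before comparing values.
report_device() {
    release=$(adb shell getprop ro.build.version.release | tr -d '\r')
    patch=$(adb shell getprop ro.build.version.security_patch | tr -d '\r')
    services=$(adb shell settings get secure enabled_accessibility_services | tr -d '\r')
    echo "release=$release security_patch=${patch:-unknown}"
    if is_affected_release "$release"; then
        echo "release is in the affected list: ask the manufacturer for an OS update"
    else
        echo "release is not in the affected list"
    fi
    echo "enabled accessibility services ($(count_enabled_services "$services")):"
    enabled_services "$services" | sed 's/^/  /'
}

# Only talk to the device when invoked with --run, so the functions can be sourced.
if [ "${1:-}" = "--run" ]; then
    report_device
fi
```

Run it as `sh toast_overlay_check.sh --run`; any enabled accessibility service from an app that did not come from Google Play deserves a closer look on an affected release.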

Dr.Web © Doctor Web
2003 — 2021