XDA Developers

Android Toast Message Overlay Attack
Android Toast Messages can be Abused to Grant Accessibility or Device Admin Privileges

Researchers have demonstrated an attack using a Toast Message which can socially engineer a user into granting dangerous permissions on Android.


Android is a pretty open platform with a fantastic developer community. Many of these developers create apps, custom ROMs and more. Some organizations also engage in security testing, such as Palo Alto Networks Unit 42. This group has discovered a vulnerability within the Android Toast Message system which allows an attacker to create a pseudo-overlay that tricks the user into granting dangerous permissions without their knowledge. This is already fixed in the September security update and in Android Oreo, so rest assured that if your phone still receives monthly security patches, or you have a device on Android Oreo, you are not vulnerable to this attack.