Morioh
Login
Tamia Walter

Tamia Walter

3 years ago

Chat Bubbles aka Chat Heads is a user interface element initially introduced by Facebook Messenger back in December 2012. This feature allowed Android and iOS users to chat with multiple persons while using other apps at the same time. The simplicity was the foundation on which the popularity and likeliness of chat heads relied upon.

Chat Head when message is received in Facebook Messenger — Image Credits: Zeeshan rasool

But this simplicity came with a price. The chat heads feature in Android apps required its users to grant the SYSTEM_ALERT_WINDOW permission. Introduced in the beginning since Android API Level 1, this permission is very powerful and at the same time dangerous to users.

The reason is the extensive capability this permission holds, by enabling an app to display over any other app without notifying the user. This entails a significant potential for several malicious techniques, such as displaying fraudulent ads, phishing scams, click-jacking, and overlay windows, which are common with banking Trojans. It has also been used by ransomware to create a persistent on-top screen that will prevent non-technical users from accessing their devices.

Facebook Messenger’s chat heads used the ability to overlay and draw bubbles over other apps and Android OS with the SYSTEM_ALERT_WINDOWpermission. The popularity of chat heads encouraged other Android developers to use them in their apps for different purposes. Within no time, the SYSTEM_ALERT_WINDOW permission started getting abused by hackers and malware creators to corrupt Android users’ phones and manipulate them for their own selfish gains.

Google was aware of this problem and it was busy improving the Android operating system and its security and user privacy until 2015, when Android Marshmallow (6.0) was launched. Among other features, there were runtime permissions, which asked users to allow/deny permissions during the app session to better understand the context of why the app was requesting that particular permission. The SYSTEM_ALERT_WINDOW was included in a list of very dangerous permissions which showed a full screen window to ask for the permission instead of the normal permission dialog.

#android-app-development #chat #software-development #androiddev #android

What Happened to Chat Bubbles / Heads in Android?

android.jlelse.eu

What Happened to Chat Bubbles / Heads in Android?

How the SYSTEM_ALERT_WINDOW permission has been abused over the years by malware creators & hackers?

1.90 GEEK