Android Vulnerability Allows Secret Screen Recording Without User Knowledge

Security researchers from MWR InfoSecurity have discovered a new exploit in Android that enables screen recording on users’ devices without their knowledge. The vulnerability affects Android versions from 5.0 Lollipop up to 7.1 Nougat.

How the Exploit Works

The exploit takes advantage of the MediaProjection framework, which was introduced in Android 5.0. This framework allows app developers to capture screen images and/or record audio. Before Lollipop, such actions required superuser rights or special keys, but the introduction of MediaProjection made the process much easier for developers.

Normally, apps using MediaProjection must request access through pop-up notifications. However, the exploit allows attackers to display their own notifications over these, tricking users into granting permission without realizing it.

Who Is Affected?

Google fixed this vulnerability in Android 8.0 Oreo. However, according to Google, 77.5% of Android devices are still running versions between 5.0 and 7.x. It is currently unknown whether this vulnerability will be patched in these older versions.

How to Protect Yourself

• Always review and confirm app permission requests before installing any application.
• Pay attention to any icons or notifications indicating that screen recording is active.