Hide non-system overlays

      Technique summary
    Technique: Hide non-system overlays
    Against: View injections
    Limitations:
      API Level ≥31 (Android ≥12)
      Does not protect against activity injections
      setHideOverlayWindows requires the permission Manifest.permission.HIDE_OVERLAY_WINDOWS
    Side effects: None
    Recommendations: Recommended for use combined with other techniques

    Starting with API level 31 (Android 12), Android provides a definitive feature to protect against malicious overlays. To use it, call setHideOverlayWindows(true) on the window of each activity you want to protect.

    Apply this to every activity view that requests sensitive information from the user, such as PIN codes, passwords, credit card details, etc. Doing so prevents non-system overlays from obscuring such views on recent Android versions.

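    // Inside MainActivity (needs android.os.Build, android.view.View, android.widget.Button).
    Button detectOverlayButton = (Button) findViewById(R.id.btnDetect);
    detectOverlayButton.setOnClickListener(new View.OnClickListener() {
        @Override
        public void onClick(View v) {
            // setHideOverlayWindows exists only on API 31+; calling it on older releases crashes.
            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S) {
                // Requires HIDE_OVERLAY_WINDOWS to be declared in the manifest.
                MainActivity.this.getWindow().setHideOverlayWindows(true);
            }
        }
    });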
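To apply the call to every sensitive screen as it is created, rather than on a button press, the following added example (not Guardsquare's code) uses activity lifecycle callbacks. `SensitiveScreen`, `OverlayGuardApp` and `hideOverlays` are hypothetical names; the example assumes the manifest declares `<uses-permission android:name="android.permission.HIDE_OVERLAY_WINDOWS" />` and registers the Application class.

```java
import android.app.Activity;
import android.app.Application;
import android.os.Build;
import android.os.Bundle;
import android.util.Log;

/** Hypothetical marker for activities that collect PINs, passwords or card data. */
interface SensitiveScreen {}

/** Hypothetical Application subclass; register it via android:name in the manifest. */
public class OverlayGuardApp extends Application {
    private static final String TAG = "OverlayGuard";

    @Override
    public void onCreate() {
        super.onCreate();
        registerActivityLifecycleCallbacks(new ActivityLifecycleCallbacks() {
            @Override
            public void onActivityCreated(Activity activity, Bundle state) {
                // Dispatched during Activity.onCreate, before the screen is first shown.
                if (activity instanceof SensitiveScreen) {
                    hideOverlays(activity);
                }
            }
            @Override public void onActivityStarted(Activity a) {}
            @Override public void onActivityResumed(Activity a) {}
            @Override public void onActivityPaused(Activity a) {}
            @Override public void onActivityStopped(Activity a) {}
            @Override public void onActivitySaveInstanceState(Activity a, Bundle out) {}
            @Override public void onActivityDestroyed(Activity a) {}
        });
    }

    /** Returns true if non-system overlays are now hidden over this activity's window. */
    static boolean hideOverlays(Activity activity) {
        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.S) {
            // API < 31: the method does not exist, so other techniques must cover this case.
            Log.w(TAG, "setHideOverlayWindows unavailable below API 31");
            return false;
        }
        try {
            activity.getWindow().setHideOverlayWindows(true);
            return true;
        } catch (SecurityException e) {
            // Thrown when HIDE_OVERLAY_WINDOWS is missing from the manifest.
            Log.e(TAG, "HIDE_OVERLAY_WINDOWS not declared", e);
            return false;
        }
    }
}
```

A `false` return means the window is still exposed to overlays, which is the case the summary's recommendation to combine this with other techniques is meant to cover.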

     

    Guardsquare
