Request Pricing
En
Request pricing

Login

Obscure touch detection

  Technique summary
Technique Obscure touch detection
Against View injections
Limitations FLAG_WINDOW_IS_OBSCURED API Level ≥9 (Android ≥2)
  FLAG_WINDOW_IS_PARTIALLY_OBSCURED API Level ≥29 (Android ≥10)
  Does not protect against activity injections or opaque view injections
Side effects None
Recommendations Usually redundant

Android API 9 (Android 2) added three valuable methods for detecting overlays based on touch events. The methods onTouch, onFilterTouchEventForSecurity, and setFilterTouchesWhenObscured are made available in API 9 and higher and can be used to detect obscured touch events.

There are two types of obscured touches, named 'partially obscured' and 'obscured'; the latter is true if an overlay is located at the touch location. When an overlay is present, but does not cover a touch, this will be seen as a partially-obscured touch.

ViewGroup view = findViewById(R.id.main_view); view.setOnTouchListener(new View.OnTouchListener() { @Override public boolean onTouch(View v, MotionEvent event) { Boolean badTouch = ((event.getFlags() & FLAG_WINDOW_IS_OBSCURED) != 0) // do not consume event if obscured return badTouch; } });

The setFilterTouchesWhenObscured can be used as a method to filter obscured touches specifically. Another way to apply this method to a view is by adding the 'android:filterTouchesWhenObscured' to the layout attribute.

ViewGroup view = findViewById(R.id.main_view); view.setFilterTouchesWhenObscured(true);

The onFilterTouchEventForSecurity can also be used to filter specific MotionEvents to prevent obscure touches.

@Override public boolean dispatchTouchEvent(MotionEvent event) { return onFilterTouchEventForSecurity(event); } @Override public boolean onFilterTouchEventForSecurity(MotionEvent event) { // Add custom security check int flags = event.getFlags(); Boolean badTouch = (((flags & FLAG_WINDOW_IS_PARTIALLY_OBSCURED) != 0) || ((flags & FLAG_WINDOW_IS_OBSCURED) != 0)); if (badTouch) { // consume touch event to block touch return false; } return super.onFilterTouchEventForSecurity(event); }

Furthermore, the onTouch can use the FLAG_WINDOW_IS_OBSCURED flag to detect obscured touches in a specified view. Another onTouch flag has been added in API 29 (Android 10), introducing FLAG_WINDOW_IS_PARTIALLY_OBSCURED for more precise detection of partially-obscured touches.

ViewGroup view = findViewById(R.id.main_view); view.setOnTouchListener(new View.OnTouchListener() { @Override public boolean onTouch(View v, MotionEvent event) { int flags = event.getFlags(); Boolean badTouch = (((flags & FLAG_WINDOW_IS_PARTIALLY_OBSCURED) != 0) || ((flags & FLAG_WINDOW_IS_OBSCURED) != 0)); // do not consume event if obscured return badTouch; } });

 

Guardsquare

Table of contents