Request pricing
En
    Request pricing

    Login

      Obscure touch detection

        Technique summary
      Technique Obscure touch detection
      Against View injections
      Limitations FLAG_WINDOW_IS_OBSCURED API Level ≥9 (Android ≥2)
        FLAG_WINDOW_IS_PARTIALLY_OBSCURED API Level ≥29 (Android ≥10)
        Does not protect against activity injections or opaque view injections
      Side effects None
      Recommendations Usually redundant

      Android API 9 (Android 2) added three valuable methods for detecting overlays based on touch events. The methods onTouch, onFilterTouchEventForSecurity, and setFilterTouchesWhenObscured are made available in API 9 and higher and can be used to detect obscured touch events.

      There are two types of obscured touches, named 'partially obscured' and 'obscured'; the latter is true if an overlay is located at the touch location. When an overlay is present, but does not cover a touch, this will be seen as a partially-obscured touch.

      ViewGroup view = findViewById(R.id.main_view); view.setOnTouchListener(new View.OnTouchListener() { @Override public boolean onTouch(View v, MotionEvent event) { Boolean badTouch = ((event.getFlags() & FLAG_WINDOW_IS_OBSCURED) != 0) // do not consume event if obscured return badTouch; } });

      The setFilterTouchesWhenObscured can be used as a method to filter obscured touches specifically. Another way to apply this method to a view is by adding the 'android:filterTouchesWhenObscured' to the layout attribute.

      ViewGroup view = findViewById(R.id.main_view); view.setFilterTouchesWhenObscured(true);

      The onFilterTouchEventForSecurity can also be used to filter specific MotionEvents to prevent obscure touches.

      @Override public boolean dispatchTouchEvent(MotionEvent event) { return onFilterTouchEventForSecurity(event); } @Override public boolean onFilterTouchEventForSecurity(MotionEvent event) { // Add custom security check int flags = event.getFlags(); Boolean badTouch = (((flags & FLAG_WINDOW_IS_PARTIALLY_OBSCURED) != 0) || ((flags & FLAG_WINDOW_IS_OBSCURED) != 0)); if (badTouch) { // consume touch event to block touch return false; } return super.onFilterTouchEventForSecurity(event); }

      Furthermore, the onTouch can use the FLAG_WINDOW_IS_OBSCURED flag to detect obscured touches in a specified view. Another onTouch flag has been added in API 29 (Android 10), introducing FLAG_WINDOW_IS_PARTIALLY_OBSCURED for more precise detection of partially-obscured touches.

      ViewGroup view = findViewById(R.id.main_view); view.setOnTouchListener(new View.OnTouchListener() { @Override public boolean onTouch(View v, MotionEvent event) { int flags = event.getFlags(); Boolean badTouch = (((flags & FLAG_WINDOW_IS_PARTIALLY_OBSCURED) != 0) || ((flags & FLAG_WINDOW_IS_OBSCURED) != 0)); // do not consume event if obscured return badTouch; } });

       

      Guardsquare

      Table of contents