This Android application is a proof-of-concept demonstrating tapjacking techniques using full and partial screen overlays. It is intended for educational and research purposes only, helping Android developers and security researchers understand the risks associated with screen overlays.
Here you can read more about Tapjacking.
- Launch any activity via package name and activity class name.
- Trigger an app using a deep link URI.
- Display a full-screen overlay.
- Display a partial overlay with custom width and height.
Main screen
Screenshot showing the full & the partial overlay in action
- Download the APK.
- Install it.
- Clone the repository:
git clone https://github.com/frankheat/tapjacking-poc.git- Open the project in Android Studio.
- Build and install the app on a device (minSdk 26 - Android 8.0+).
- Start Activity: Provide a target app's package and full activity class name.
- Deep Link: Provide a URI to launch.
- Full: Launches a fullscreen overlay.
- Partial: Launches a partial overlay.
This app requires the SYSTEM_ALERT_WINDOW permission ("Draw over other apps").