NewNow you can hear Fox News article!
A team of academic researchers has highlighted a new Android security exploitation that raises a lot of questions about the platform permission system. The technique called taptrap uses user interface animation, which is to give you sensitive permissions or cheat you in doing harmful actions. Unlike earlier tapjacing attacks, Taprap Android Attack works by launching transparent system signals on regular app interfaces. The result is a near-existence layer that quietly captures your tap and interaction.
Sign up for my free cyber report
Distribute my best technical tips, immediate safety alerts, and exclusive deals directly into your inbox. In addition, you will get immediate access to my final scam survival guide – when you join me Cyberguy.com/newsletter
New Google Ai makes robots smart without cloud
A person holding an Android phone (Kurt “Cybergui” Notson)
How Tiprap Android has exploited you permissions
As mentioned by Blapping Computer, Tiprap takes advantage of how the activity between Android apps handles infection. A malicious app can launch a system-level screen using a standard start activity function, but modify how the screen appears using custom animation. By setting both starting and ending the end at a very low price, such as 0.01, the activity becomes almost invisible to the user.
Touch input is still fully registered by transparent screen, even if users only see the visual app below. The attackers can also apply a scaling animation that increases a specific user interface element, such as an permission button, so that it fills the screen. This increases the opportunity that a user will inadvertently tap on the button.
What is Artificial Intelligence (AI)?
Researchers released a video showing how this technology can be used to quietly launch the Chrome Browser Permission Prompt in the gaming app. The prompt camera asks for access, and taps “permission” without realizing what the user has done. Because the malicious screen is transparent, there are no visual indications to suggest anything suspicious.
Image of an Android phone (Kurt “Cybergui” Notson)
Why 76% of Android apps are unsafe for tiprap
To assess how wide the vulnerability could be, researchers tested about 100,000 apps from the Play Store. About 76% of potentially were found to be weak, not because they are malicious, but because they lack major safety measures. These apps had at least one screen launched by another app, shared the same task stack, failed to override default infection animation, and did not block user inputs during infection.
Android defaults these animations by default. Users can only disable them through settings that are usually hidden, such as developer options or accessibility menu. Even the latest Android version, tested on a Google Pixel 8A, is unsafe against this exploitation.
Graffinos, a security-focused operating system based on Android, confirmed that its current version is also affected. However, it plans to release a fix in its next update.
Get Fox Business when you click here
Google has accepted the issue and said that there will be a mitigation in future Android updates. While no accurate timelines have been announced, Google is expected to handle how to handle input and animation to prevent invisible tap interception.
The company said that developers should follow strict play store policies and any app that misuses this vulnerability would face enforcement operations.
A person holding an Android phone (Kurt “Cybergui” Notson)
4 ways you can be safe from tipp attack
1) Consider a mobile safety app: Use a reliable antivirus or mobile safety app that can detect suspicious behavior or alert you to apps using overlay or accessibility features.
Get my pics for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices Cyberguy.com/Lockupyourtch
2) Be selective about the apps you installed: Avoid installing apps as they are trending or attractive advertisements. Before downloading the developer reliability, recent reviews and check permissions.
3) Stick to Google Play Store: While not correct, the Play Store has better safety measures than random APK sources. Avoid installing apps from third-party stores or unknown websites.
4) Stop before giving permissions: If an app suddenly asks for access to your camera, microphone, or other sensitive features, take a moment. Always ask yourself if this app really needs this permission right now.
Kurt’s key to Techway
Tiprap shows that security threats do not always come from complex code or aggressive malware. Sometimes, small inspection in visual behavior can open the way for severe misuse. In this case, the danger is that the users are inherent in what they do not see. People believe what they can see on their screen. This attack breaks the link by making a scene mismatched between the intentions and the result.
Click here to get Fox News app
Do you rely on the apps you install from the Play Store, or do you dig deep before downloading? Write us and tell us Cyberguy.com/Contact
Sign up for my free cyber report
Distribute my best technical tips, immediate safety alerts, and exclusive deals directly into your inbox. In addition, you will get immediate access to my final scam survival guide – when you join me Cyberguy.com/newsletter
Copyright 2025 cyberguy.com. All rights reserved.
