TapTrap: new attack on Android that lures you into performing actions you did not intend to do. This allows an app to access your camera or location, or erase your device—all without your consent.

TapTrap: new attack on Android that lures you into performing actions you did not intend to do. This allows an app to access your camera or location, or erase your device—all without your consent. (taptrap.click)
from floofloof@lemmy.ca to cybersecurity@sh.itjust.works on 23 Jul 02:23
https://lemmy.ca/post/48448954

cross-posted from: programming.dev/post/34366844

Lobsters.

Hackernews.

#cybersecurity

threaded - newest

alextecplayz@techhub.social on 23 Jul 02:42 collapse

@floofloof "TapTrap works even on the latest Android version, Android 16. We reported this issue to Google and major browser vendors in 2024. Browsers have fixed the issue as of July 2025, but Android itself remains vulnerable (see the disclosure timeline for details)."

JFC, Google

floofloof@lemmy.ca on 23 Jul 03:04 collapse

It then mentions that the underlying issue was independently reported to Google by another researcher in early 2023. So they have had more than two years.

Maiq@lemy.lol on 23 Jul 03:48 next collapse

With that kind of timeline, maybe its a feature and not a bug. Just not a feature users want or need.

tiredofsametab@fedia.io on 23 Jul 03:52 collapse

For some single-person or even small group project, I can understand not having time to deal with something. At the point that it is a large, commercial entity and running a lot of the world's devices, there should be legal implications for such negligence.