Android is one of the most used operating systems on the planet right now, which means that it more susceptible to exploits and hack attempts. In a new report by MWR InfoSecurity, a new exploit was discovered which tricks users into recording their screen without their consent. The exploit is present in Android versions 5.0 Lollipop to Android 7.1 Nougat.
The exploit uses Android’s MediaProjection framework that was launched with Android 5.0 Lollipop which gave application developers the ability to capture screen contents and/or record system audio. Prior to Android 5.0 Lollipop, screen recording apps required root privileges or special keys for the feature to work. However, with the introduction of Android 5.0 Lollipop, developers received access to this feature without root access.
An app using the MediaProjection framework normally requests access to the service via an intent that displays a popup about the permissions required by the app. The exploit gives attackers the ability to overlay a normal pop up over the MediaProjection intent, putting the user's devices at risk.
Google patched the exploit in Android 8.0 Oreo, but it's not running on a majority of devices. According to Google distribution numbers, almost 77.5 percent devices are running Android 5.x to Android 7.x, so this vulnerability poses a serious threat to users.
Google is yet to confirm if a patch will be released to fix the exploit. Until then, it's recommended to confirm the permissions required by an app before installing it. Also, keep an eye on the taskbar for the screencast icon (as shown above) which is displayed when an application gains access to the MediaProjection Service. If it appears, you can check which application is using it.