Android - Screen overlay detected, what is the problem?

This is to prevent 'Tapjacking'.

It works in a surprisingly simple way – you download an application and open it, which triggers the installation of a second, this time malicious, application. Then, when you press a button on the seemingly innocent application, you are actually clicking a button on the malicious application that is hidden within it. So, as its name suggests, the trap is in the tap.

So, imagine this scenario. You have downloaded an application and on the main screen there is a button that says “Start Game”. You click it to begin but, unbeknownst to you, this has triggered the downloading of the dangerous malware. On the next screen you continue clicking away, oblivious to the dangers, and without realizing you have accepted the terms and conditions of the dangerous malware that has hidden itself on your cellphone.


So when Android detects an app is appearing as an overlay it prevents the user from granting permissions or clicking on install when sideloading an app (and possibly more scenarios).

An app developer can opt into this behaviour if the user is doing something that needs to be secure:

Sometimes it is essential that an application be able to verify that an action is being performed with the full knowledge and consent of the user, such as granting a permission request, making a purchase or clicking on an advertisement. Unfortunately, a malicious application could try to spoof the user into performing these actions, unaware, by concealing the intended purpose of the view. As a remedy, the framework offers a touch filtering mechanism that can be used to improve the security of views that provide access to sensitive functionality.
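As an added example (not code from the answer above or from the Android documentation), this is what the opt-in described in the last paragraph looks like for a single button: the view enables Android's touch filtering and extends the framework's default check so that taps arriving while the window is fully or partially obscured are dropped. It assumes a standard Android app project; the class name SecureActionButton is hypothetical.

```java
import android.content.Context;
import android.os.Build;
import android.util.AttributeSet;
import android.view.MotionEvent;
import android.widget.Toast;
import androidx.appcompat.widget.AppCompatButton;

// Hypothetical button for sensitive actions (purchase, grant, confirm).
public class SecureActionButton extends AppCompatButton {

    public SecureActionButton(Context context, AttributeSet attrs) {
        super(context, attrs);
        // Same effect as android:filterTouchesWhenObscured="true" in layout XML:
        // the framework discards touches that carry MotionEvent.FLAG_WINDOW_IS_OBSCURED
        // before they reach the click listener.
        setFilterTouchesWhenObscured(true);
    }

    // Called by the framework before a touch is dispatched; returning false drops it.
    @Override
    public boolean onFilterTouchEventForSecurity(MotionEvent event) {
        int flags = event.getFlags();
        boolean fullyObscured = (flags & MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0;
        // FLAG_WINDOW_IS_PARTIALLY_OBSCURED exists only from API 29 (Android 10).
        boolean partiallyObscured = Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q
                && (flags & MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED) != 0;

        if (fullyObscured || partiallyObscured) {
            // Explain why the tap did nothing instead of failing silently;
            // only on ACTION_DOWN so a single gesture shows one message.
            if (event.getAction() == MotionEvent.ACTION_DOWN) {
                Toast.makeText(getContext(),
                        "Screen overlay detected; close it and try again.",
                        Toast.LENGTH_SHORT).show();
            }
            return false;
        }
        // Default behaviour: dispatch the touch normally.
        return super.onFilterTouchEventForSecurity(event);
    }
}
```

On devices below API 29 only the fully-obscured case is filtered, which is exactly what the framework's default does when filterTouchesWhenObscured is enabled.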