Security issue with tapjacking - Githubissues

firebase / FirebaseUI-Android

Optimized UI components for Firebase

https://firebaseopensource.com/projects/firebase/firebaseui-android/

Apache License 2.0

4.63k stars 1.84k forks source link

Security issue with tapjacking #2041

Open ArcherEmiya05 opened 2 years ago

ArcherEmiya05 commented 2 years ago

Step 1: Are you in the right place?

Yes

Step 2: Describe your environment

Android device: N/A
Android OS version: 21 up to 32
Google Play Services version: 4.3.10
Firebase/Play Services SDK version: 21.0.5
FirebaseUI version: 8.0.1

Step 3: Describe the problem:

Steps to reproduce:

Use FirebaseUI Auth UI

Observed Results:

Security risk level is medium

Expected Results:

Possible use of filterTouchesWhenObscure set to true?

Relevant Code:

  // TODO(you): code here to reproduce the problem

thatfiredev commented 2 years ago

Thanks for reporting this @ArcherEmiya05 We'll consider setting filterTouchesWhenObscure to true.

Contributions are also welcome :)