author | Edward Cunningham <ejc@google.com> | 2020-06-02 11:33:14 +0000 |
---|---|---|
committer | Vikas Marwaha <vikasmarwaha@google.com> | 2020-07-16 18:26:13 +0000 |
commit | 8247bb8fd12b17916e9f897bfc1640ce23abfcd9 (patch) | |
tree | bc947c9ddd134069fa8712da739d295d73fdbe38 | |
parent | ca55e5cc150f37d34ebf4fa37519d6a6e321dd09 (diff) | |
CDD: Require to display the same consistent UI for
ACTION_MANAGE_OVERLAY_PERMISSION intent.
Without such requirement intent android.settings.action.MANAGE_OVERLAY_PERMISSION
with data URI “package:<package>” can redirect the user
to the app-specific screen to enable permission
android.permission.SYSTEM_ALERT_WINDOW. This makes it too
easy for malicious apps to fool the user into enabling it.
Bug: 145286669
Change-Id: I5fce6cc6bf21b93f953b53ce077c0272dc71bae2
-rw-r--r-- | 9_security-model/9_1_permissions.md | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/9_security-model/9_1_permissions.md b/9_security-model/9_1_permissions.md index ebb1927d..294e8bc8 100644 --- a/9_security-model/9_1_permissions.md +++ b/9_security-model/9_1_permissions.md @@ -106,3 +106,14 @@ apps, from accessing the usage statistics, they: https://developer.android.com/reference/android/provider/Settings.html#ACTION_USAGE_ACCESS_SETTINGS) intent pattern but MUST implement it as a no-op, that is to have an equivalent behavior as when the user is declined for access. + +If device implementations provide a user affordance to choose which apps can +draw on top of other apps with an activity that handles the +[`ACTION_MANAGE_OVERLAY_PERMISSION`](https://developer.android.com/reference/android/provider/Settings.html#ACTION_MANAGE_OVERLAY_PERMISSION) +intent, they: + +* [C-2-1] MUST ensure that all activities with intent filters for the + [`ACTION_MANAGE_OVERLAY_PERMISSION`]( + https://developer.android.com/reference/android/provider/Settings.html#ACTION_MANAGE_OVERLAY_PERMISSION) + intent have the same UI screen, regardless of the initiating app or any + information it provides.
\ No newline at end of file |
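Review bot: In the [C-2-1] bullet, "regardless of the initiating app or any information it provides" never names the input the commit message is concerned with, the `package:<package>` data URI on the intent, so "the same UI screen" could still be read as permitting a jump to one app's own toggle. Consider saying outright that a data URI supplied with the intent must not change which screen is shown, which also gives compatibility testing something concrete to check. Two smaller points: the link in the bullet breaks between `](` and the URL while the identical link in the preceding paragraph stays on one line, and the file now ends without a trailing newline.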