I’ve published my advisory on a vulnerability in Android’s MediaProjection service that when exploited would allow any android application to trick users into recording the contents of their screen.

This vulnerability currently affects Android 5.0 to 7.1.2. Android users are advised to upgrade to Android 8.0 which patches this vulnerability.

The advisory is hosted at MWR Labs

Archived copy: mwri-android-MediaProjection-tapjacking-advisory-2017-11-14.pdf