HMV-01: Automatically generated screenshots

1. July 2019


Screenshots of applications that are moved to the background are created for better user experience. Unfortunately, other apps can access them, exposing sensitive data such as banking information, passwords, or personal information.


All applications in the background can be viewed (screen shots).


Use the FLAG_SECURE to hide the screen when an app is put into hang mode. This will only display a black placeholder.


OWASP-MSTG Android Reference

OWASP-MSTG iOS Reference

Similar posts

While doing my preperation for the OSCE i found an exploit for the coolpalyer+ version 2.19.1 from 2009. I decided to [...]

19. February 2018

  Vulnerable software FTP server 8.0f(g) Vulnerability Local Buffer Overflow (SEH protected)-> Code Execution Time Line 01/24/2018 Vendor informed 01/30/2018 [...]

20. February 2018

CVE CVE-2018-16231 Vulnerable software FTP server <= 8.4f Vulnerability Remote denial of service Timeline 30.01.2018 Seller informed(also local BO ) [...]

25. August 2018

CVE CVE-2018-7272 Vulnerable software AT 5.0.0, 5.1.0 Vulnerability Unauthorized access Timeline 15.12.2017 Seller informs X.01.2018  Manufacturer has patched vulnerability 24.01.2018 Manufacturer [...]

25. August 2018