Philipp Beer, Marco Squarcina and Martina Lindorfer, researchers from the Security and Privacy Group at TU Wien Informatics in Austria, and Sebastian Roth from the University of Bayreuth in Germany, have revealed with their research into Tapjacking and the TapTrap threat. In developing TapTrap, the researchers have demonstrated how an app without any permissions at all can abuse screen animations to open another screen without the user knowing, turn it invisible, and get them to unknowingly click on a permission prompt. This method of executing a transparent action with an invisible malicious one underneath is new and dangerous. Whereas, ordinarily, when the screen changes in Android, you would expect to see an animation, maybe a sliding or fading effect at one screen changes to another, a TapTrap attack can make the new screen “fully transparent, keeping it hidden from you,” the researcher said. “Any taps you make during this animation go to the hidden screen,” they continued, “not the visible app.” The app could then get you to tap areas of the screen that “correspond to sensitive actions on the hidden screen,” the researchers explained, “allowing it to perform actions without your knowledge.” Actions like, for example, enabling the device administrator permission, which can let an app remotely wipe your phone.