But the user needs to be able to override this faulty check, albeit my solution is to never let any app decide what I can have on my device by not installing the app.
EDIT: there's also Android Protected Confirmation that works in the TrustZone so apps can't display over that. It was made exactly for apps like banking apps, so they should use it.
This is "protect the users from themselves" as-a-feature to prevent scammers from using malware to obscure their scams. Letting the user override the warning would make the entire feature useless.
Using overlay permissions, it's relatively simple to trick someone into transferring money by overlaying a different UI that the malicious app makes the user type or paste into. I believe blocking access to the app while such an overlay is present makes a lot of sense. Trusting apps from Google Play to do this while blocking other install sources would be an obvious mistake, though.
I'd argue this feature shouldn't exist (because of things like the API you mention) but having a user override doesn't make sense here.
If Google can allow apps to block screenshot capability then it should also allow specific set of apps like financial apps having an option to block overlays too. It doesn't have to be all or nothing.
graemep|2 months ago
I have stopped using the HSBC app and asked for a security device (which they will send you if asked) instead and use the web site instead.
zb3|2 months ago
EDIT: there's also Android Protected Confirmation that works in the TrustZone so apps can't display over that. It was made exactly for apps like banking apps, so they should use it.
jeroenhd|2 months ago
Using overlay permissions, it's relatively simple to trick someone into transferring money by overlaying a different UI that the malicious app makes the user type or paste into. I believe blocking access to the app while such an overlay is present makes a lot of sense. Trusting apps from Google Play to do this while blocking other install sources would be an obvious mistake, though.
I'd argue this feature shouldn't exist (because of things like the API you mention) but having a user override doesn't make sense here.
devsda|2 months ago
arccy|2 months ago
makeitdouble|2 months ago
unknown|2 months ago
[deleted]