Overlay Detection
| Plan | Platforms | MASVS |
|---|---|---|
| Team | Android | MASVS-PLATFORM-3 |
Overview
Overlay Detection identifies when another app appears to be drawing over or obscuring the AppTego-protected app. Malicious overlays can support tapjacking, phishing, credential capture, permission manipulation, and UI redress attacks.
When overlay risk is detected, AppTego applies your configured response. This control is detection-focused. For proactive overlay blocking where supported, use Overlay Prevention.
When To Use It
Use this control for:
- Login, MFA, payment, wallet, approval, and account recovery screens.
- Apps vulnerable to tapjacking or fake UI overlays.
- Malware risk models where overlay permission abuse should affect session trust.
- User education flows that explain why another app may be covering sensitive screens.
How It Works
The protected Android app monitors platform touch and window-obscuring signals that indicate another app may be covering the UI. AppTego does not publish exact event flags, view hooks, or lifecycle requirements in public documentation.
Overlay Detection alerts the user or records telemetry according to your configuration. Overlay Prevention can be enabled alongside it for stronger protection where the OS supports prevention behavior.
How to Enable the Control
Navigate to Detection & Response from the AppTego portal, and expand the Screen And Input Detection section. Under this section you will find the Overlay Detection control. Click Enable Configuration, choose the response action, and save the configuration for the next build or for it to be applied with a live push (if enabled).
API Configuration Example
{
"OverlayDetectionResponse": {
"detection": true,
"action": "alert",
"title": "Overlay Detected",
"message": "Another app appears to be covering this screen. Please close it before continuing.",
"buttons": ["Close App", "Continue"],
"actions": ["safeKillApp", ""],
"redirects": ["", ""]
}
}| Field | Purpose |
|---|---|
detection | Enables or disables overlay detection. |
action | Selects the response style, such as alert, close, log, or warn. |
title / message | User-facing text shown when a response is displayed. |
buttons / actions / redirects | Defines the available response buttons and their outcomes. |
Compatibility Notes
- Legitimate overlays include system permission prompts, chat heads, floating widgets, accessibility tools, and screen-recording indicators.
- Use careful copy so users understand that the app is responding to overlap risk, not accusing them of malicious behavior.
- Pair with Overlay Prevention, Accessibility Service Detection, and Screen Recording Detection for stronger UI abuse coverage.