KeePassDX icon indicating copy to clipboard operation
KeePassDX copied to clipboard

Published 20 hours ago verified publisher icon Kunzisoft

"Display Over" conflict - Click button disabled to prevent TapJacking

Open Zakkumaru opened this issue 3 years ago • 3 comments
trafficstars

Describe the bug

When using the "Display Over" feature of some apps, such as NewPipe, it becomes impossible to click on Keepass.

To Reproduce

Steps to reproduce the behavior:

  1. Open NewPipe
  2. Start a video and use the pop out / "Display Over" feature
  3. Open Keepass
  4. Try typing, using fingerprint, or clicking on entries

Expected behavior

Should be able to type, use fingerprint scanner, and click on entries.

KeePassDX:

  • Version: 3.4.5
  • Build: F-Droid
  • Language: English

Android:

  • Version: 12

Additional context

NewPipe, latest version

Zakkumaru avatar Aug 26 '22 04:08 Zakkumaru

This problem happens because KeePassDX is protected against TapJacking, so if there is an application that uses an overlay on top of it, the keys cannot be pressed as a security measure. https://github.com/Kunzisoft/KeePassDX/wiki/FAQ#pressing-the-buttons-has-no-effect-why-that Linked to #1336 #1375

J-Jamet avatar Aug 30 '22 12:08 J-Jamet

I'll look into making it a setting when applications use the entire screen with transparent views and not just visible views that hide other applications. But a note (like the screenshot mode) will be present on the screen.

J-Jamet avatar Aug 30 '22 12:08 J-Jamet

This problem happens because KeePassDX is protected against TapJacking, so if there is an application that uses an overlay on top of it, the keys cannot be pressed as a security measure.

Oh thanks god I thought I KeePassDX had stopped working 😭 (I really wanted to keep watching that video while attempting for fifteen minutes to get KeePass to work 😅)

Yes there needs at least to be a very visible warning displayed, and much better if it can be made to work when it's not a security issue.

Gabr-F avatar Sep 21 '22 20:09 Gabr-F

The problem here is that the overlay application applies a transparent view to the entire surface instead of showing only the section of the view that is visible. In the latter case, there would be no problem.

To display a warning from KeePassDX, we need an event that indicates a hidden view, but this kind of event does not exist natively in the system.

J-Jamet avatar Sep 23 '22 15:09 J-Jamet

~So for now, the workaround is to enable screenshot mode in settings.~ Not working anymore

J-Jamet avatar Jul 28 '23 15:07 J-Jamet