0.1.4 • Published 2 years ago

@zalaris/cordova-plugin-tapjackingprotection v0.1.4

License: MIT

Preface

This plugin was forked from https://github.com/BeDefended/TapjackingProtectionPlugin

Purpose: add detection of partial occlusion to strengthen the tapjacking protection.

cordova-plugin-tapjackingprotection

Tapjacking is a combination of “tap” and “jacking” and, as the term suggests, it means someone hijacking what a user taps on their smartphone. It is the mobile counterpart of clickjacking in web applications.

Using social engineering, an attacker can develop a malicious app that exploits tapjacking and tricks the victim into performing dispositive (state-changing) actions in vulnerable applications.

This plugin prevents tapjacking attacks by setting setFilterTouchesWhenObscured to true on the main WebView. With this setting, Android discards touches while the WebView is obscured by another visible window.

The plugin also blocks touches when the WebView is partly obscured by an overlay (the flag FLAG_WINDOW_IS_PARTIALLY_OBSCURED is checked in this case). When such an overlay is detected, the plugin displays an alert with instructions.
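
The two checks described above, written as an added example that is not the plugin's own source. The class name TapjackingGuard, its methods and the dialog text are assumptions; note that setOnTouchListener replaces any listener already set on the view.

```java
import android.app.AlertDialog;
import android.os.Build;
import android.view.MotionEvent;
import android.view.View;

/** Hypothetical helper (not the plugin's source): applies both checks to a view. */
public final class TapjackingGuard {
    private TapjackingGuard() {}

    /** True when the system marked the event's window as fully or partly covered. */
    static boolean isObscured(MotionEvent event) {
        int mask = MotionEvent.FLAG_WINDOW_IS_OBSCURED;
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) {
            // The partial-occlusion flag is only available from API 29 onwards.
            mask |= MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED;
        }
        return (event.getFlags() & mask) != 0;
    }

    public static void protect(final View view) {
        // Full occlusion: the framework itself drops touches on the obscured view.
        view.setFilterTouchesWhenObscured(true);

        // Partial occlusion: inspect each event's flags before the view handles it.
        view.setOnTouchListener(new View.OnTouchListener() {
            private boolean alertShown;

            @Override
            public boolean onTouch(View v, MotionEvent event) {
                if (!isObscured(event)) {
                    return false; // not covered: normal handling continues
                }
                if (!alertShown) {
                    alertShown = true; // one dialog at a time, not one per event
                    new AlertDialog.Builder(v.getContext())
                        .setTitle("Screen overlay detected") // constructed wording
                        .setMessage("Close any app that draws over this one, then try again.")
                        .setPositiveButton(android.R.string.ok, null)
                        .setOnDismissListener(d -> alertShown = false)
                        .show();
                }
                return true; // consume the touch so the view never receives it
            }
        });
    }
}
```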

Installation

For Cordova apps:

  1. To add this plugin: cordova plugin add @zalaris/cordova-plugin-tapjackingprotection
  2. To remove this plugin: cordova plugin remove @zalaris/cordova-plugin-tapjackingprotection

Usage

This plugin does not expose any interface; it automatically protects your app against tapjacking by setting "setFilterTouchesWhenObscured" to true on the main WebView. No action is required other than installing the plugin.