tapjacking

When an application displays a permission dialog, the malicious application you installed will display a system overlay to cover up the permission dialog’s text block with whatever text it wants. An unwitting user who clicks “allow” on the permission dialog box will be tricked into granting a permission that they were asked for – but for which the request was hidden from the user’s view.

• mwrlabs/tapjacking-poc
• limbenjamin/tapjacking: Proof of concept code for tapjacking.
• iwo/marshmallow-tapjacking: Demonstrates how Android Marshmallow permissions dialog can be hijacked by the app drawind on top of it. (You may also download the apks from here)
• AlvarezAriel/android-tapjacking-example

Ref

• Tapjacking Made a Return in Android Marshmallow, and Nobody Noticed - iwo/marshmallow-tapjacking 该 POC 仅可用于测试 OS Level 是否 vulnerable.
• How to Check if your Android device is Vulnerable to Tapjacking on Marshmallow – The Android Soul
• What is Tapjacking in Android and How to Prevent It - Devknox Blog