Also known as “Draw over other apps”. It allows an app to float a window on top of everything else on your screen.
Why is it dangerous?
Cloaking / Clickjacking: A malicious app can draw a fake “Play Button” over a real “Confirm Payment” button. You think you are starting a game, but you are authorizing a transaction.
Phishing Overlays: A malicious app detects when you open a banking app and instantly draws a fake login screen on top of it. You type your password into the fake screen.
Ransomware: A malicious app can draw a full-screen window that cannot be closed, locking you out of your phone.
Legitimate Uses
Facebook Messenger Heads.
Screen Recorders.
Blue Light Filters.
Verdict
Extremely suspicious in generic apps.
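To act on that verdict, the sketch below lists the third-party packages that request this permission so each one can be checked against the legitimate uses above. It is an added example, not part of the original page; the sample text is constructed to resemble `adb shell dumpsys package` output, and the package names and the `reviewed` allowlist are hypothetical.

```python
import re

OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"

# Constructed sample modelled on `adb shell dumpsys package` output; package
# names are made up and the real layout varies between Android versions.
SAMPLE_DUMP = """\
Packages:
  Package [com.example.flashlight] (a1b2c3):
    pkgFlags=[ HAS_CODE ALLOW_CLEAR_USER_DATA ]
    requested permissions:
      android.permission.INTERNET
      android.permission.SYSTEM_ALERT_WINDOW
    install permissions:
      android.permission.INTERNET: granted=true
  Package [com.example.nightfilter] (d4e5f6):
    pkgFlags=[ HAS_CODE ]
    requested permissions:
      android.permission.SYSTEM_ALERT_WINDOW
  Package [com.example.systemui] (0a0b0c):
    pkgFlags=[ SYSTEM HAS_CODE ]
    requested permissions:
      android.permission.SYSTEM_ALERT_WINDOW
"""

def parse_packages(dump):
    """Map package name -> {"system": bool, "requested": set of permissions}."""
    pkgs, current, in_requested = {}, None, False
    for text in map(str.strip, dump.splitlines()):
        m = re.match(r"Package \[([^\]]+)\]", text)
        if m:
            current = pkgs.setdefault(m.group(1), {"system": False, "requested": set()})
            in_requested = False
        elif current is None:
            continue
        elif text.startswith(("pkgFlags=[", "flags=[")):
            current["system"] = "SYSTEM" in text.split("[", 1)[1].split()
        elif text.endswith(":"):  # a section header opens or closes the list
            in_requested = text == "requested permissions:"
        elif in_requested and re.fullmatch(r"[\w.]+", text.split(":")[0]):
            current["requested"].add(text.split(":")[0])
    return pkgs

def overlay_review_list(dump, reviewed=()):
    """Third-party packages requesting the overlay permission, minus packages
    the analyst already reviewed and accepted (hypothetical allowlist)."""
    return sorted(name for name, info in parse_packages(dump).items()
                  if OVERLAY in info["requested"] and not info["system"]
                  and name not in reviewed)
```

A package on this list has only requested the permission. Whether the user has actually granted "Draw over other apps" still has to be checked in the device settings.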