I just filed this bug
(not public) in the Android bug tracker. It allows anyone to see the screen contents of the foreground app even if the screen is locked.
- Steps to reproduce the problem (including sample code if appropriate).
Open some app. Lock the screen or wait until it is locked (such that a gesture is needed to unlock it). Turn the phone into horizontal (landscape) mode. Open the camera app, press the power button, wait about a second, press it again.
- What happened.
The camera app restarts. During the process, for about a second, it shows the app that was running in the user's session.
- What do you think the correct behavior should be.
The app should not be visible at all. With this attack, an adversary has plenty of time to read any information displayed in the app.
Note that this attack does not work (as far as I could see) when the phone is in portrait orientation.
- Don't forget to mention which version of Android you're using, and/or which device the problem appears on (model and Android version).
Nexus 5 with Android 4.4.4
Is this bug reproducible for anyone? Is it already known?
The (public) list of security bugs (including the fixed ones) in the bug tracker
seems very short, which seems strange.