Default Android ui inference attack

Basically, an app can use android permissions to infer when sensitive activity is happening in popular apps. Like a logon occurs, and overlays a phishing logon screen, or a picture of a check is shot from a banking app, and replays the process for itself to acquire sensitive data.


http://www.securityweek.com/research...k-android-apps

Thoughts?

pwning CM on N5
PRL:56019 (800SMR & VZW roam) (thread)
gapps:Minimal Gapps
Launcher: Nova betas (site)
Thx, devs.