0

I came to realize that in rare occasions when using the Android phone, Cell service provider (Mobile Network provider) shows some popup advertisements. Regardless of the app, screen I was in it always mange to draw over the screen. Recently I manged to capture the screen when it does (Se attached image).

As I checked all the app's permissions to "Display over other apps" there were nothing other than some phone manufacture related and accessibility related system apps.

I find this as an security risk as cell provider can hijack my screen. Also I don't thing this is due to a malware/adware since all the ads are related to cell network and their packages.

  • My question is how Android eco system enables this kind of facility?
  • Which mechanism or the loopwhole Cell provider might be using?
  • Is there anyway to disable this? (other than clicking over unsubscribe link on ad)

As you could see in the image, I was checking emails and ad got popped over enter image description here

Edit:

  • I do have a customer care/help app installed which provided by carrier. However I made sure it doesn't draw over apps.

  • Device is non-rooted, and never touched the bootloader, so might be locked.

  • Familiar with adb and fastboot. And adb lists the device with proper permission. However while running adb shell appops query-op --user 0 SYSTEM_ALERT_WINDOW allow | while read line; do echo -e "\nPackage: $line "; appops get $line SYSTEM_ALERT_WINDOW; done gives empty results.

  • Tried adb shell appops query-op --user 0 SYSTEM_ALERT_WINDOW allow also but empty output

inckka
  • 101
  • 2
  • More likely to be from some network care /help app that is all the more likely, if your device is tied to the network. – beeshyams Aug 11 '20 at 05:53
  • 1
    Can you setup [tag:adb], than run this command: adb shell appops query-op --user 0 SYSTEM_ALERT_WINDOW allow | while read line; do echo -e "\nPackage: $line "; appops get $line SYSTEM_ALERT_WINDOW; done? Post the output in the question. – Firelord Aug 11 '20 at 05:57
  • If your device is rooted (mention root status in question please), plenty of ad block solutions available, if not follow this answer. Also try Adguard ad blocker – beeshyams Aug 11 '20 at 05:59
  • 2
    At the very least, a cell service provider (ISP) can intercept and inject ads on non-HTTPS websites. They can also send class 0 SMS. But to show ads over any apps is impossible without having an auxiliary Android app/service to do so. – Andrew T. Aug 11 '20 at 09:40
  • FYI I did update the question with above commented suggestions. – inckka Aug 30 '20 at 02:46

0 Answers0