Hello, I have noticed that the TeamViewer QS application is using the INJECT_EVENTS system permission and the Instrumentation API for it's remote control functionality. Now, in my opinion there are four scenarios in which such a solution would work (given your device is not rooted):
1. Have your application published under some special rule (like a downloadable system app), if such a thing exists at all... 2. Have the permission (from Google) to use a shared system user ID (like shell) for your application, so the Instrumentation API will be able to inject events on a global scale. 3. Your application is signed with the OS key and it is treated as a system application (maybe this is the same , or part of the case described above). 4. There is some major security exploit in the OS that allows events to be injected on a global scale from non-system applications. Could someone please explain what is the case with TeamViewer? Regards, Vladi -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/d/optout.
