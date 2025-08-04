Cyber criminals are using a new scam to gain access to cell phones. Imago

Scientists warn of a trick that hackers can use to gain access to data or smartphones. They advise smartphone owners to be careful.

Security researchers at the Vienna University of Technology have discovered a hacking method called "TapTrap", in which invisible apps on Android devices operate unnoticed in the foreground and trigger unwanted commands.

The method uses transparent overlays to redirect user actions unnoticed to fraudulent apps, enabling camera access or changes in banking apps, among other things.

Around 76 percent of the apps tested are potentially vulnerable. Users should only download apps from secure sources, check permissions and deactivate animations in the settings. Show more

Attention smartphone owners who use an Android device: IT experts have now uncovered an ingenious trick that could allow hackers to gain access to smartphones and thus also to sensitive data of cell phone users. And with an "invisible" app that could go unnoticed by smartphone owners.

This is how quickly the touch trap snaps shut

This hacking method is also known in specialist circles as the "TapTrap" (touch trap). As reported by tech magazine Scinexx and Chip.de, among others, the app can appear on the screen as a transparent app that goes unnoticed by smartphone users. If an Android user continues to work in an app that they have just opened and taps the invisible app, this could trigger unwanted commands. The Austrian newspaper Der Standard also reported on the case.

The trick is based on the ability of smartphones to open several applications at the same time. It is therefore possible for a fraudulent app to trigger another app unnoticed by the smartphone owner, but display it transparently. "Apps can also start other apps - and use animations, such as slowly fading in or sliding in," Philip Beer from the Vienna University of Technology explains to Scinexx. "This is exactly what can be abused," he emphasizes.

The invisible app is difficult to recognize

If the transparent app is unknowingly tapped by the smartphone owner, it can trigger activities that the end device user would otherwise never consent to. According to the scientists at TU Wien, this could include reading out sensitive data or making changes in banking apps. Beer explains: "We tested this by creating a simple game."

In the game, points could be collected by tapping small bugs on the screen. The team had the game tested by twenty study participants. It turned out that it was possible to gain various authorizations unnoticed, such as access to the smartphone camera.

"However, the game then opens another app, such as a browser. You may have the feeling that you are still playing the Beetle game, but in reality you are now using this one," explains the scientist from TU Wien. Even if a confirmation window should normally appear, the invisible hacker app can suppress it. Beer warns: "Theoretically, you could also start a banking app in this way, or delete all the data on your cell phone."

How to protect yourself against the "Tap Trap"

Scinexx reports on surveys that suggest that 76 percent of the almost 100,000 apps checked are vulnerable to the "TapTrap". So far, however, none of these vulnerabilities have been exploited. The team has reported the problem to the developers of Android, Firefox and Google Chrome, who have already responded. To protect themselves from attacks, smartphone users should be careful. Beer recommends not installing apps from insecure sources. For greater security, he also advises regularly checking the device settings.

"If the camera or microphone is being accessed, this is often also visible on symbols in the status bar, so you should pay attention to this," he emphasizes. If you want to be even safer when using your smartphone, you can completely deactivate the animation of apps in the settings under "Accessibility" and "Color and motion". This ultimately reduces the risk of hacker apps sneaking in unnoticed when an application is launched.