Explore a critical Android security vulnerability in this 45-minute Black Hat conference talk. Delve into how combining the SYSTEM_ALERT_WINDOW and BIND_ACCESSIBILITY_SERVICE permissions enables complete control of the UI feedback loop, leading to devastating and stealthy attacks. Learn about context-aware clickjacking, obscured flag bypass, context hiding, and invisible grid attacks. Examine design shortcomings in Android's security mechanisms and their implications for traditional phishing and ransomware. Discover the Android security team's response, proposed solutions for securing Android UI, and the current state of security updates. Gain insights into detecting Cloak & Dagger attacks and understand the evolving landscape of Android security vulnerabilities.