Android 4.2 ACTION_OUTSIDE MotionEvent X and Y return 0 outside of own application

Question

I created a TYPE_SYSTEM_ALERT view, set the flags FLAG_NOT_TOUCH_MODAL and FLAG_WATCH_OUTSIDE_TOUCH, and added it with WindowMan

Answer 1

It's unfortunate that this question has remained unanswered for 1.5 years, but I ran into the same thing you did and found out why!

After scouring the source code, I found the source of the issue:

https://github.com/android/platform_frameworks_base/blob/79e0206ef3203a1842949242e58fa8f3c25eb129/services/input/InputDispatcher.cpp#L1417

// Check whether windows listening for outside touches are owned by the same UID. If it is
// set the policy flag that we will not reveal coordinate information to this window.
if (maskedAction == AMOTION_EVENT_ACTION_DOWN) {
    sp<InputWindowHandle> foregroundWindowHandle =
            mTempTouchState.getFirstForegroundWindowHandle();
    const int32_t foregroundWindowUid = foregroundWindowHandle->getInfo()->ownerUid;
    for (size_t i = 0; i < mTempTouchState.windows.size(); i++) {
        const TouchedWindow& touchedWindow = mTempTouchState.windows[i];
        if (touchedWindow.targetFlags & InputTarget::FLAG_DISPATCH_AS_OUTSIDE) {
            sp<InputWindowHandle> inputWindowHandle = touchedWindow.windowHandle;
            if (inputWindowHandle->getInfo()->ownerUid != foregroundWindowUid) {
                mTempTouchState.addOrUpdateWindow(inputWindowHandle,
                        InputTarget::FLAG_ZERO_COORDS, BitSet32(0));
            }
        }
    }
}

If the "outside touch" lands in a view that doesn't share its UID (read about it here) with the view that's listening for outside touches, the event dispatcher sets its coordinates to 0,0. This was definitely done for security purposes, but I'm not sure I see the full scope of the threat it's designed to mitigate. And this gentleman here (SO) reports that you can retrieve location data on 2.3.6, but it seems that at least 4.x won't reveal it to you (I tried 4.1.2, it didn't work).

I opened up a bug ticket about this if you'd like to follow it. At the very least, the documentation needs to include this information... I would also like to know if this security feature is really necessary.

Issue 72746: FLAG_WATCH_OUTSIDE_TOUCH doesn't return location for ACTION_OUTSIDE events on 4.2+