Researchers have demonstrated how a malicious app with two specific permission can stealthily compromise users’ Android devices.

“The possible attacks include advanced clickjacking, unconstrained keystroke recording, stealthy phishing, the silent installation of a God-mode app (with all permissions enabled), and silent phone unlocking + arbitrary actions (while keeping the screen off),” the researchers, from Georgia Tech and the University of California, Santa Barbara, explained.