Called Cloak and Dagger, the exploit could allow hackers to steal your information by creating a malicious app that only needs to set two permissions, namely BIND ACCESSIBILITY SERVICE (“a11y”) and SYSTEM ALERT WINDOW (“draw on top”), to log keystrokes and steal your passwords and other sensitive information. It’s a fact that’s not that easy to force users into enabling accessibility permissions, but skilled hackers can trick them into doing so, and once they activate both permissions, they’ll be able to install software, steal data from installed apps, and basically take full control of your Android phone without you even knowing.