diff --git a/MOBILE_CLIENT/COMMON/_HIGH/TAPJACKING_VULNERABILITY/description.md b/MOBILE_CLIENT/COMMON/_HIGH/TAPJACKING_VULNERABILITY/description.md
new file mode 100644
index 00000000..3be2c411
--- /dev/null
+++ b/MOBILE_CLIENT/COMMON/_HIGH/TAPJACKING_VULNERABILITY/description.md
@@ -0,0 +1,59 @@
+The Tapjacking Vulnerability is a security flaw that allows an attacker to overlay malicious content or interfaces on top of legitimate applications, tricking users into interacting with the attacker's content instead. This can lead to various malicious activities, such as stealing sensitive information, capturing login credentials, or performing unauthorized actions on the user's behalf.
+
+
+Below are examples of incorrect overlay handling:
+
+
+=== "resource.xml"
+
+```xml
+ // vulnerable
+```
+
+=== "JAVA"
+
+```java
+public class YourActivity extends AppCompatActivity {
+
+ @Override
+ public void onCreate(Bundle savedInstanceState) {
+ super.onCreate(savedInstanceState);
+ setContentView(R.layout.activity_your_layout);
+
+ Button yourButton = findViewById(R.id.yourButtonId);
+ yourButton.setOnClickListener(new View.OnClickListener() {
+ @Override
+ public void onClick(View view) {
+ // Handle button click
+ }
+ });
+ }
+}
+```
+
+=== "KOTLIN"
+
+```kotlin
+class YourActivity : AppCompatActivity() {
+
+ override fun onCreate(savedInstanceState: Bundle?) {
+ super.onCreate(savedInstanceState)
+ setContentView(R.layout.activity_your_layout)
+
+ val yourButton: Button = findViewById(R.id.yourButtonId)
+ yourButton.setOnClickListener {
+ // Handle button click
+ }
+ }
+}
+```
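Review bot: The Java and Kotlin samples under "incorrect overlay handling" never state what makes them incorrect; the only marker is `// vulnerable` inside the xml fence, which is not XML comment syntax and, as shown here, sits in an otherwise empty block. A reader has to compare these samples with the ones in recommendation.md by eye to find the missing control. I would add a comment above each `setOnClickListener` call, such as `// filterTouchesWhenObscured is not set: the click is still delivered while another window covers this button`, and write the XML marker as `<!-- vulnerable -->`. The hunk header announces 59 lines and fewer are visible here, so the layout snippet may have been lost in rendering; it is worth checking the committed file.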
diff --git a/MOBILE_CLIENT/COMMON/_HIGH/TAPJACKING_VULNERABILITY/meta.json b/MOBILE_CLIENT/COMMON/_HIGH/TAPJACKING_VULNERABILITY/meta.json
new file mode 100644
index 00000000..94ea1e18
--- /dev/null
+++ b/MOBILE_CLIENT/COMMON/_HIGH/TAPJACKING_VULNERABILITY/meta.json
@@ -0,0 +1,24 @@
+{
+ "risk_rating": "high",
+ "short_description": "Tapjacking Vulnerability is a type of vulnerability where an attacker can overlay malicious content on top of legitimate content, leading to potential security breaches.",
+ "references": {
+ "Overlay Attacks: Top Techniques And How To Counter Them": "https://www.appsealing.com/overlay-attacks/",
+ "Mobile overlay attacks on Android": "https://www.ikarussecurity.com/en/mobile-device-management-en/mobile-overlay-attacks-on-android/"
+ },
+ "title": "Tapjacking Vulnerability",
+ "privacy_issue": true,
+ "security_issue": true,
+ "categories": {
+ "OWASP_MASVS_L1": [
+ "MSTG_PLATFORM_2"
+ ],
+ "OWASP_MASVS_L2": [
+ "MSTG_PLATFORM_2"
+ ],
+ "PCI_STANDARDS": [
+ "REQ_2_2",
+ "REQ_6_2",
+ "REQ_6_3"
+ ]
+ }
+}
\ No newline at end of file
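Review bot: The `categories` block maps this entry to `MSTG_PLATFORM_2` under both MASVS levels, but in MASVS v1 that requirement covers validation of external and user input. Screen overlay protection is MSTG-PLATFORM-9, which is an L2 requirement. If the repository's schema has an identifier for it (presumably spelled like the existing ones, to be confirmed), the entry should reference that under `OWASP_MASVS_L2` and drop the L1 mapping. The entry also sits under `COMMON` although the recommended controls are Android view APIs, so the platform placement may deserve a second look.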
diff --git a/MOBILE_CLIENT/COMMON/_HIGH/TAPJACKING_VULNERABILITY/recommendation.md b/MOBILE_CLIENT/COMMON/_HIGH/TAPJACKING_VULNERABILITY/recommendation.md
new file mode 100644
index 00000000..25199290
--- /dev/null
+++ b/MOBILE_CLIENT/COMMON/_HIGH/TAPJACKING_VULNERABILITY/recommendation.md
@@ -0,0 +1,70 @@
+To mitigate Tapjacking vulnerabilities in mobile applications, developers should:
+
+ * Thoroughly validate and filter user inputs and application settings to prevent exploitation by malicious overlays.
+ * Pay special attention to sensitive settings vulnerable to manipulation by overlays, such as authentication parameters or access controls.
+ * Implement strict input validation checks on user-modifiable settings to prevent unauthorized changes.
+ * Provide clear user guidance within the application on recognizing and avoiding suspicious overlays.
+ * Regularly update the application to address newly identified vulnerabilities.
+ * Consider implementing overlay detection mechanisms to enhance the application's resilience against potential threats.
+ * Set the `filterTouchesWhenObscured` on views to true.
+ * Set security policies for touch event using `onFilterTouchEventForSecurity`.
+
+
+Below are examples of secure overlay handling:
+
+
+=== "resource.xml"
+
+```xml
+
+```
+
+=== "JAVA"
+
+```java
+public class YourActivity extends AppCompatActivity {
+
+ @Override
+ public void onCreate(Bundle savedInstanceState) {
+ super.onCreate(savedInstanceState);
+ setContentView(R.layout.activity_your_layout);
+
+ Button yourButton = findViewById(R.id.yourButtonId);
+ yourButton.filterTouchesWhenObscured = true
+ yourButton.setOnClickListener(new View.OnClickListener() {
+ @Override
+ public void onClick(View view) {
+ // Handle button click
+ }
+ });
+ }
+}
+```
+
+=== "KOTLIN"
+
+```kotlin
+class YourActivity : AppCompatActivity() {
+
+ override fun onCreate(savedInstanceState: Bundle?) {
+ super.onCreate(savedInstanceState)
+ setContentView(R.layout.activity_your_layout)
+
+ val yourButton: Button = findViewById(R.id.yourButtonId)
+ yourButton.isFilterTouchesWhenObscured = true
+ yourButton.setOnClickListener {
+ // Handle button click
+ }
+ }
+}
+```
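Review bot: The Java sample line `yourButton.filterTouchesWhenObscured = true` is Kotlin property syntax without a semicolon and will not compile as Java; it should read `yourButton.setFilterTouchesWhenObscured(true);`. The xml fence above it is empty as shown, where the `android:filterTouchesWhenObscured="true"` attribute on the button would be expected. The bullet list recommends `onFilterTouchEventForSecurity` but no sample demonstrates it, and the input-validation bullets do not address overlays at all. One caveat is worth adding to the text: the flag only drops touches when the window is obscured at the touch location, so partially covering overlays need a separate check, for example `MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED` on API 29 and later.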