Very interesting UI redress exploit. The fact it can invisibly trigger overlay permission screens via animation callbacks without any permissions makes it hard to detect. Unless Google adds low-level mitigations in the WindowManager or transition stack, these TapTrap attacks will likely remain possible.