My idea is:
1. First, find the system file containing the permissions "Android.permission.GET_TASKS" and "android.permission.reorder _ tasks".
2. Write the code of reflection clearing task list and generate apk.
3.ptrace finds the system process and injects our apk into it.
Implementation framework:
By using the system process as a puppet process to break through the system signature verification,
Implementation process:
First, I found the system process with two permissions, which can be found in packages.xml. What I am looking for is the file com.android.systemui, which has two permissions and is a resident process, so it is a knife.