Last active April 1, 2022 12:56
Android: Preventing Sensitive Information From Appearing In Background Screenshot (Recent App)
/*
@author longcat (Pichaya Morimoto)

This code snippet can be used to resolve the BOT (Bank Of Thailand) mobile security requirement "insecure background"
without hurting the user experience of the mobile app.

Briefly, when the app is pushed into background mode (the user presses the Home button),
the Android phone creates a screenshot of the current Activity to display it in the recent apps menu.

The recent apps screenshots are stored at:
- /data/system_ce/0/recent_images/
- /data/system_ce/0/snapshots/

Only the root/system user can access these folders; however, this exposes a (very small) risk of insecure data storage,
as malicious apps on a rooted device could access them and obtain sensitive info
from the background screenshots.
*/

package longc.at.pwner

import android.support.v7.app.AppCompatActivity
import android.os.Bundle
import android.view.WindowManager

class MainActivity : AppCompatActivity() {

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        // The line below is the solution found in 99% of Google search results.
        // It prevents the background screenshot in almost all Android versions, but the normal screenshot is also blocked,
        // and this behavior brutally damages UX in the sense that if a user wants to take a screenshot of a payment result
        // in an Internet Banking app, he will not be able to do it.. LoL
        // window.setFlags(WindowManager.LayoutParams.FLAG_SECURE, WindowManager.LayoutParams.FLAG_SECURE)
        setContentView(R.layout.activity_main)
    }

    /*
    The real solution is to set FLAG_SECURE during onPause() and restore the state in onResume().
    Important note: Only works with Android API version >= 26 (Android 8.0 Oreo and up, 20% of users)
    You have 2 choices: hurt UX with FLAG_SECURE in onCreate(), or secure 20% of users with this trick!

    Don't believe the comments at:
    https://stackoverflow.com/questions/43274289/android-customizing-recent-apps-thumbnail-screenshot-by-default
    as they didn't test it in the right Android API versions :|
    */
    override fun onPause() {
        super.onPause()
        // Note: WindowManager.LayoutParams.FLAG_SECURE = 8192
        this.window.setFlags(WindowManager.LayoutParams.FLAG_SECURE, WindowManager.LayoutParams.FLAG_SECURE)
    }

    override fun onResume() {
        super.onResume()
        this.window.clearFlags(WindowManager.LayoutParams.FLAG_SECURE)
    }
}
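The same onPause()/onResume() toggle applied to every Activity from one place, with the gist's two choices made explicit by API level. This is an added example, not part of the original gist; the class name `SecureBackgroundApp` and the switch `blockAllScreenshotsOnOldApi` are hypothetical, and the class has to be registered via `android:name` on `<application>` in the manifest.

```kotlin
package longc.at.pwner // assumption: same package as the gist's MainActivity

import android.app.Activity
import android.app.Application
import android.os.Build
import android.os.Bundle
import android.view.WindowManager

// Hypothetical Application subclass (not in the gist).
class SecureBackgroundApp : Application() {

    // Hypothetical policy switch for devices below API 26, where the gist says the
    // toggle does not work: true = keep FLAG_SECURE set for the whole Activity
    // lifetime (user screenshots are blocked too), false = leave those devices as-is.
    private val blockAllScreenshotsOnOldApi = true

    // The gist's stated requirement: API >= 26 (Android 8.0 Oreo).
    private val toggleSupported = Build.VERSION.SDK_INT >= Build.VERSION_CODES.O

    override fun onCreate() {
        super.onCreate()
        registerActivityLifecycleCallbacks(object : ActivityLifecycleCallbacks {
            override fun onActivityCreated(activity: Activity, savedInstanceState: Bundle?) {
                // Older devices: set the flag once, like the commented-out onCreate() line.
                if (!toggleSupported && blockAllScreenshotsOnOldApi) secure(activity)
            }

            override fun onActivityPaused(activity: Activity) {
                // Same step as the gist's onPause(): flag the window as it leaves the foreground.
                if (toggleSupported) secure(activity)
            }

            override fun onActivityResumed(activity: Activity) {
                // Same step as the gist's onResume(): user screenshots work again.
                if (toggleSupported) activity.window.clearFlags(WindowManager.LayoutParams.FLAG_SECURE)
            }

            override fun onActivityStarted(activity: Activity) {}
            override fun onActivityStopped(activity: Activity) {}
            override fun onActivitySaveInstanceState(activity: Activity, outState: Bundle) {}
            override fun onActivityDestroyed(activity: Activity) {}
        })
    }

    private fun secure(activity: Activity) {
        val flag = WindowManager.LayoutParams.FLAG_SECURE
        activity.window.setFlags(flag, flag)
    }
}
```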
yeah, flag should be set in onCreate only, did you guys find any solution?
The above solution is not working.