@pich4ya
Last active April 1, 2022 12:56
Android: Preventing Sensitive Information From Appearing In Background Screenshot (Recent App)
/*
@author longcat (Pichaya Morimoto)

This code snippet can be used to meet the BOT (Bank of Thailand) mobile security requirement
"insecure background" without hurting the user experience of a mobile app.

Briefly, when the app is pushed into the background (the user presses the Home button),
Android takes a screenshot of the current Activity to display in the recent apps menu.
The recent apps screenshots are stored at:
- /data/system_ce/0/recent_images/
- /data/system_ce/0/snapshots/

Only the root/system user can access these folders. However, this exposes a (very small) risk
of insecure data storage, because malicious apps on a rooted device could read them and obtain
sensitive info from the background screenshots.
*/
package longc.at.pwner

import android.support.v7.app.AppCompatActivity
import android.os.Bundle
import android.view.WindowManager

class MainActivity : AppCompatActivity() {

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        // The line below is the solution found in 99% of Google search results.
        // It prevents the background screenshot on almost all Android versions, but normal screenshots are also blocked.
        // This behavior brutally damages UX: if a user wants to take a screenshot of a payment result
        // in an Internet Banking app, he will not be able to do it.. LoL
        // window.setFlags(WindowManager.LayoutParams.FLAG_SECURE, WindowManager.LayoutParams.FLAG_SECURE)
        setContentView(R.layout.activity_main)
    }

    /*
    The real solution is to set FLAG_SECURE in onPause() and clear it again in onResume().
    Important note: Only works with Android API version >= 26 (Android 8.0 Oreo and up, 20% of users)
    You have 2 choices: hurt UX with FLAG_SECURE in onCreate(), or secure 20% of users with this trick!
    Don't believe the comments at:
    https://stackoverflow.com/questions/43274289/android-customizing-recent-apps-thumbnail-screenshot-by-default
    as they didn't test it on the right Android API versions :|
    */
    override fun onPause() {
        super.onPause()
        // Note: WindowManager.LayoutParams.FLAG_SECURE = 8192
        this.window.setFlags(WindowManager.LayoutParams.FLAG_SECURE, WindowManager.LayoutParams.FLAG_SECURE)
    }

    override fun onResume() {
        super.onResume()
        this.window.clearFlags(WindowManager.LayoutParams.FLAG_SECURE)
    }
}
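
An added example, not part of the original gist: one way to combine the two choices described above by selecting the mechanism per API level, going beyond the gist by also using the platform call `Activity.setRecentsScreenshotEnabled(false)` on API 33 and later, which excludes only the recents snapshot. `SecureRecentsActivity` and the package name are hypothetical, and the project is assumed to compile against SDK 33 or newer.

```kotlin
package com.example.recents // hypothetical package name

import android.app.Activity
import android.os.Build
import android.os.Bundle
import android.view.WindowManager.LayoutParams.FLAG_SECURE

// Added example, not the gist author's code. Sensitive screens would extend
// this hypothetical base class instead of Activity.
open class SecureRecentsActivity : Activity() {

    // API 26..32: the range where the gist's onPause()/onResume() toggle is applied.
    private fun usesPauseToggle(): Boolean =
        Build.VERSION.SDK_INT >= Build.VERSION_CODES.O &&
            Build.VERSION.SDK_INT < Build.VERSION_CODES.TIRAMISU

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
            // API 33+: ask the system not to capture this activity for the
            // recents screen; user-initiated screenshots are not affected.
            setRecentsScreenshotEnabled(false)
        } else if (Build.VERSION.SDK_INT < Build.VERSION_CODES.O) {
            // Below API 26 the gist states the toggle does not work, so fall
            // back to a permanent FLAG_SECURE. This also blocks user
            // screenshots, which is the UX cost the gist describes.
            window.addFlags(FLAG_SECURE)
        }
    }

    override fun onPause() {
        super.onPause()
        // Mark the window secure just before the app leaves the foreground.
        if (usesPauseToggle()) window.addFlags(FLAG_SECURE)
    }

    override fun onResume() {
        super.onResume()
        // Allow normal screenshots again while the user is in the app.
        if (usesPauseToggle()) window.clearFlags(FLAG_SECURE)
    }
}
```

Check the recents thumbnail on a device or emulator for each API range the app supports before relying on a given branch.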
@rajnikantpatel23

The above solution is not working.

@suchiBlockFi

suchiBlockFi commented Jan 12, 2022

yeah, flag should be set in onCreate only, did you guys find any solution?
