Added code to make all the screens secure #579
Conversation
|
I don't understand why you'd want this for a keyboard app. E.g., screenshots have been invaluable for debugging. What scenario does this increase security for? |
|
@TPS : Here is one scenario: A screen-capturing App or a screen Recording can capture everything on the device’s screen. If there is any sensitive activity such as password keystrokes, credit card data, etc, it will capture everything thus compromising the user's data. Below is a demo of the same: |
|
Then make it optional, default off. (LastPass does this optionally, but makes sense, as its purpose is security.) Otherwise, it'd disable screenshots too often, in too many apps, & users would be understandably confused. |
|
I truly hope ambiguous language is causing miscommunication. I often need to make screenshots with the keyboard displayed, this function is imperative to my continued use of HK. Having said that, I absolutely agree that some screens must be "safe". About the miscommunication... I don't have the full picture and I don't have sufficient domain knowledge to speak with authority, I can only hope my inference is correct. ranjeetDS's post can be read to mean that it would be impossible to take any screenshot with the keyboard displayed. I do not support such a concept! The link ranjeetDT provided states "Window flag: treat the content of the window as secure, preventing it from appearing in screenshots or from being viewed on non-secure displays." I interpret the combined statements to mean that ranjeetDT supplied code that allows HK to comply with security concerns of apps that may display sensitive data. This is a good thing!!! The ambiguity resides in the remark " [...] no screenshots can be captured". This is not a good thing and I will point out that most keyboards, including Google's, allow screenshots. Again, I cannot speak with authority because I do not have the requisite knowledge, so I invite ranjeetDT to spend just a few seconds clarifying the issue. Thank you. |
|
@AdamAtkinson 👍 Agreed . Agreed to the point that the screens containing 'sensitive data' should be protected and screenshot should not be allowed to be taken on those screens. If the developer of this application implements FLAG_SECURE only to the screens which he/she knows that it may contain sensitive information, that will be sufficient. |
|
@ranjeetDT Why don't you modify your patch to make it simple to conditionally secure under certain circumstances? E.g., the configurable option is turned on, or there's a password field active, &c? That'd go a long way to making this incredibly useful. |
…in any of the Activities, it can be used by using the method Keyboard.setFlagSecure(Context)
|
@ranjeetDT That's pretty good, &, if it could be worked into the HK settings, even better. |
|
Wow, is it grate stuff aye ! |
Added FLAG_SECURE to all the Activities so that no screenshots can be captured. For further information about FLAG_SECURE, read FLAG_SECURE .