Where to add 'FLAG_SECURE' to block screen capture for entire TWA?

Open jitendra1607 opened this issue 3 years ago • 12 comments

Where to add 'FLAG_SECURE' to block screen capture for the entire TWA? Which activity needs to be extended? In the docs, I found that I need to use this flag on each activity. So I think in TWA we have only one main activity; can you provide a little hint or some sample code? By the way, I am already using Notification delegation.

https://developer.android.com/reference/android/view/WindowManager.LayoutParams

jitendra1607 avatar May 04 '21 13:05 jitendra1607

This isn't possible at the moment.

The Activity that shows all of your web content is owned by the browser, so we'd need to implement some way to tell the browser to do this, and the browser would need to implement setting FLAG_SECURE itself.

I'll mark this as a feature request.

PEConn avatar May 06 '21 09:05 PEConn

Do you mind sharing your use case?

PEConn avatar May 06 '21 10:05 PEConn

@PEConn I have LMS software in which an institute shares study material in the form of PDFs, images and recorded videos mainly. Nowadays all native Android LMS apps have this feature and the same is being demanded in PWA/TWA too.

jitendra1607 avatar May 06 '21 10:05 jitendra1607

> This isn't possible at the moment.
>
> The Activity that shows all of your web content is owned by the browser, so we'd need to implement some way to tell the browser to do this, and the browser would need to implement setting FLAG_SECURE itself.
>
> I'll mark this as a feature request.

As per your reply, I suggest that we can have control to activate/deactivate this flag as per our requirement in-app. I mean I would like to allow a student to take a screenshot of fee payments but block the same for digital study material.

jitendra1607 avatar May 06 '21 10:05 jitendra1607

This sounds interesting, however it would require changes to the browsers supporting Trusted Web Activity, and an issue should be filed for them to support it (https://crbug.com/ for Chrome). Another question is how to prioritise this particular feature against others.

andreban avatar May 13 '21 14:05 andreban

I looked but don't see that this feature request is submitted on https://crbug.com/. Can anyone send me a link to this feature request there if you can find it? Thanks

sasabajic avatar Feb 16 '22 18:02 sasabajic

> I looked but don't see that this feature request is submitted on https://crbug.com/. Can anyone send me a link to this feature request there if you can find it? Thanks

Couldn't find one as well. Submitted an issue: https://bugs.chromium.org/p/chromium/issues/detail?id=1329420

wooparadog avatar May 26 '22 06:05 wooparadog

Any update regarding this @PEConn @andreban ? We are also in need of this feature for our LMS software, as this is a common feature in most of the LMS apps. Is there any workaround for this until now?

AslamThachapalli avatar Mar 26 '23 13:03 AslamThachapalli

Hey,

As above, this requires changes in both this library and in the web browser and unfortunately it's not something we're likely to prioritise (if you can share usage numbers, that would help).

For workarounds, you could force your app to launch as the WebView fallback - in this case you can add the necessary flags to WebViewFallbackActivity. To do this, create your own LauncherActivity (extending from it), and overwrite launchTwa to something like:

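```java
@Override
protected void launchTwa() {
    // Skip the browser-owned Trusted Web Activity and start the WebView fallback directly.
    Intent intent = WebViewFallbackActivity.createLaunchIntent(this,
            getLaunchingUrl(), LauncherActivityMetadata.parse(this));
    startActivity(intent);
}
```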

PEConn avatar Mar 28 '23 10:03 PEConn
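
Added example, not part of the original thread or of the android-browser-helper project: one way to apply the workaround above so that the WebView window carries FLAG_SECURE. The class names `SecureLauncherActivity` and `SecureFallbackActivity` and the package `com.example.twa` are hypothetical, and the sketch assumes `WebViewFallbackActivity` can be subclassed and reads its launch parameters from the intent extras.

```java
// --- SecureLauncherActivity.java (hypothetical class name) ---
package com.example.twa; // placeholder package

import android.content.Intent;
import com.google.androidbrowserhelper.trusted.LauncherActivity;
import com.google.androidbrowserhelper.trusted.LauncherActivityMetadata;
import com.google.androidbrowserhelper.trusted.WebViewFallbackActivity;

public class SecureLauncherActivity extends LauncherActivity {
    @Override
    protected void launchTwa() {
        // Build the fallback intent exactly as in the comment above,
        // bypassing the browser-owned Trusted Web Activity.
        Intent intent = WebViewFallbackActivity.createLaunchIntent(
                this, getLaunchingUrl(), LauncherActivityMetadata.parse(this));
        // Retarget the intent at our subclass; the extras are kept, so the
        // fallback still receives the launch URL and metadata.
        intent.setClass(this, SecureFallbackActivity.class);
        startActivity(intent);
    }
}

// --- SecureFallbackActivity.java (hypothetical class name) ---
package com.example.twa; // placeholder package

import android.os.Bundle;
import android.view.WindowManager;
import com.google.androidbrowserhelper.trusted.WebViewFallbackActivity;

public class SecureFallbackActivity extends WebViewFallbackActivity {
    @Override
    protected void onCreate(Bundle savedInstanceState) {
        // Set the flag before super.onCreate() so it is in place before
        // the WebView content is attached and drawn.
        getWindow().setFlags(
                WindowManager.LayoutParams.FLAG_SECURE,
                WindowManager.LayoutParams.FLAG_SECURE);
        super.onCreate(savedInstanceState);
    }
}
```

Both activities have to be declared in `AndroidManifest.xml`, with `SecureLauncherActivity` taking the launcher entry in place of the library's `LauncherActivity`. FLAG_SECURE applies per window, so it covers only the content shown in this fallback activity, keeping it out of screenshots, screen recordings and non-secure displays.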

Yeah, the provided solution is working fine. I was able to disable the screenshot and screen recording. But a couple of concerns. Won't using this WebViewFallback destroy the crux of TWA, like now it is not rendered on the Chrome engine, right? So will I be able to utilise the TWA features like maybe cookies, and what about this notification delegation? Will I have access to that and other features provided by the library, or should I turn back to native notification functionality?

AslamThachapalli avatar Mar 29 '23 16:03 AslamThachapalli

You're right, this technically isn't using TWAs and so won't share state (such as login/cookies/etc) with the user's default browser, and yes, notification delegation won't work so you should use native functionality.

There are other libraries that allow you to bundle a website as a native app to be displayed in WebView - Cordova is the one that springs to mind, though to be honest I've not done much research in the area. They will likely do a better job for this use case, providing a more fleshed out WebView solution.

PEConn avatar Mar 30 '23 13:03 PEConn

I back this up, this is a very valid use case and would love to have a flag secure alternative in twa.

soulr344 avatar Jul 23 '23 15:07 soulr344