PdfViewer icon indicating copy to clipboard operation
PdfViewer copied to clipboard
verified publisher icon GrapheneOS

Consider adding FLAG_SECURE and maybe TouchesWhenObscured

Open yodaforces opened this issue 4 years ago • 2 comments

To prevent screenshots and Tapjacking attacks. Could also be optional via a toggle button.

More details can be found here in the Security section: https://developer.android.com/reference/android/view/View

FLAG_SECURE: https://developer.android.com/reference/android/view/WindowManager.LayoutParams.html#FLAG_SECURE

Source: https://cure53.de/pentest-report_mullvad_2020_v2.pdf

yodaforces avatar Sep 05 '21 23:09 yodaforces

I don't think we want this for the PDF Viewer app by default. It make make sense as an optional or a special mode to avoid ending up with any persistent thumbnails from recent apps but it's not currently planned.

You're greatly overestimating what this does and you're treating it as if it's something that should be used everywhere. It really isn't. It would be the default if it was meant to be used everywhere. The OS handles these things as general purpose issues already and disabling screenshots / thumbnails, etc. really isn't something critical. General issues are not handled by special casing certain things as opting out of it.

thestinger avatar Sep 05 '21 23:09 thestinger

As your saying this should be optional because .pdf files could be of sensitive nature.

yodaforces avatar Sep 06 '21 10:09 yodaforces