Protect password during screenshare

Open TimoPtr opened this issue 9 months ago • 6 comments

Verify that when typing a password during onboarding with screenshare ON, we are properly hiding the user's password: https://developer.android.com/about/versions/15/behavior-changes-all#screenshare_protection

TimoPtr avatar May 20 '25 09:05 TimoPtr

I'm not sure this is something for the app to handle because:

  • the behavior change you linked is "Android will do something"
  • password fields are inside the WebView, so managed by the frontend

Note that even the keyboard input is still visible when recording/sharing (built-in recorder, using a single app so that should be the new APIs):

https://github.com/user-attachments/assets/1bd24a13-85e0-4e6b-a172-bab7369e3502

jpelgrom avatar May 20 '25 12:05 jpelgrom

> I'm not sure this is something for the app to handle because:
>
> * the behavior change you linked is "Android will do something"
> * password fields are inside the WebView, so managed by the frontend
>
> Note that even the keyboard input is still visible when recording/sharing (built-in recorder, using a single app so that should be the new APIs): screen-20250520-144333.mp4

I would like to check whether using https://developer.android.com/reference/android/view/View#setContentSensitivity(int) hides the WebView, and how. If it hides it, we could set this flag when we detect that we enter the auth screen.

TimoPtr avatar May 20 '25 12:05 TimoPtr

View#setContentSensitivity is currently not used. However, there are more places in the frontend where you might enter a password after onboarding and we can't realistically set that all the time (as it also blocks things like screenshots, which is annoying).

jpelgrom avatar May 20 '25 12:05 jpelgrom

Indeed, we cannot catch all of them. We could see with the frontend if we can send them a flag that the app is being recorded. I think it is a nice feature to hide the typing of a password for security.

We should not set this flag all the time, otherwise, like you said, we can't make screenshots, but we could enable it in specific places when it makes sense and make sure our inputs are properly configured when the user is typing a secret.

TimoPtr avatar May 20 '25 13:05 TimoPtr
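
An added sketch of the approach discussed above, not code from the project or from any participant: a `WebViewClient` that marks the WebView as sensitive only while an auth page is loaded and restores the default elsewhere. The `/auth/` path prefix and all class and function names are assumptions for illustration; `View#setContentSensitivity` requires API 35.

```kotlin
import android.graphics.Bitmap
import android.net.Uri
import android.os.Build
import android.view.View
import android.webkit.WebView
import android.webkit.WebViewClient

// Hypothetical path prefixes where the frontend asks for a secret (assumption).
private val SENSITIVE_PATH_PREFIXES = listOf("/auth/")

// True when the URL's path falls under one of the sensitive prefixes.
fun isSensitiveUrl(url: String?): Boolean {
    val path = url?.let { Uri.parse(it).path } ?: return false
    return SENSITIVE_PATH_PREFIXES.any { path.startsWith(it) }
}

// Toggle the flag; on devices below API 35 the method does not exist, so do nothing.
fun applyContentSensitivity(view: View, sensitive: Boolean) {
    if (Build.VERSION.SDK_INT < Build.VERSION_CODES.VANILLA_ICE_CREAM) return
    view.setContentSensitivity(
        if (sensitive) View.CONTENT_SENSITIVITY_SENSITIVE
        else View.CONTENT_SENSITIVITY_AUTO // back to the platform default
    )
}

class SensitivityAwareWebViewClient : WebViewClient() {
    // Full page loads: set the flag before the login form is rendered.
    override fun onPageStarted(view: WebView, url: String?, favicon: Bitmap?) {
        super.onPageStarted(view, url, favicon)
        applyContentSensitivity(view, isSensitiveUrl(url))
    }

    // History updates: re-evaluate when the visited URL changes without
    // a fresh page load being reported through onPageStarted.
    override fun doUpdateVisitedHistory(view: WebView, url: String?, isReload: Boolean) {
        super.doUpdateVisitedHistory(view, url, isReload)
        applyContentSensitivity(view, isSensitiveUrl(url))
    }
}
```

URL matching only covers screens that have their own path; password fields shown elsewhere in the frontend, as raised in the thread, would need a signal from the frontend itself.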

This requirement is not a must-have for targeting Android API 36

TimoPtr avatar May 20 '25 13:05 TimoPtr

(It's actually a behavior change in Android 15, it already applies)

jpelgrom avatar May 20 '25 13:05 jpelgrom