stayaway-app
stayaway-app copied to clipboard
stayawayinesctec
Android - Background Screenshot Available [Security]
The application is disclosing information of the last Activity shown when it is put in background.
It is possible to see this information when the user opens the list of background apps:
Due to the possible sensitive information that might be shown, this should be implement.
Hello @clviper :wave:
TL;DR: We are adding a protector screen for iOS on PR #71, but unfortunately on Android, this cannot be achieved without impairing the user experience and support.
Thank you for calling our attention to this problem. This is a tricky question which has already been discussed on the German-App. Note that at some point this flag was added but it was recently removed.
Since this is a cross-platform app, and the issue that you are pointing out is related to both platforms, I’ll reply to each one separately.
On iOS, this change is straightforward, we simply detect before the app goes inactive and then open a protector screen, which will be closed when it becomes active again. Note that this is already on progress on PR #71.
On Android, this is not easily achievable as you can see in this (issue)[https://stackoverflow.com/questions/43274289/android-customizing-recent-apps-thumbnail-screenshot-by-default]. Since we don’t have a way to know when the OS will take the app screenshot, we cannot prevent it from capture sensitive data. What we could do is to add a “FLAG_SECURE” which will prevent the OS from taking screenshots, resulting in a blank screen on the overview panel. Unfortunately, this will also not permit the user from taking any screenshots while using the app which has shown to be useful for bugs report and team support.
Taking the example of the GermanApp we decided we will not solve this until there is a better way to this on Android.
A solution for the German app exists, currently waiting for a rebase (but the approach is there): https://github.com/corona-warn-app/cwa-app-android/pull/619
