Application prevents taking screenshots
Description
The application is programmatically preventing screenshots, which prevents the Monkey Tester (Ostorlab's automated mobile crawler) from computing coverage.
Android applications can programmatically block taking screenshots:
- Use the FLAG_SECURE window flag:
  By setting the FLAG_SECURE window flag, you can prevent the content of your app's window from appearing in screenshots or from being viewed on non-secure displays.
  To set the FLAG_SECURE window flag, you can call setFlags() on your Window object and pass in the FLAG_SECURE flag. For example:

      getWindow().setFlags(WindowManager.LayoutParams.FLAG_SECURE,
              WindowManager.LayoutParams.FLAG_SECURE);

  Note that this will also prevent the content of your app's window from being recorded by screen recording apps.
- Use the MediaProjection API:
  The MediaProjection API allows you to capture the content of the device's screen in real-time. By using this API, you can programmatically block taking screenshots by simply not starting the screen capture session when the user attempts to take a screenshot.
  To use the MediaProjection API, you will need to request the CAPTURE_SCREENSHOT or CAPTURE_VIDEO_OUTPUT permission, depending on your use case. You can then create a MediaProjection object and call start() to begin the screen capture session.

      MediaProjectionManager mediaProjectionManager =
              (MediaProjectionManager) getSystemService(Context.MEDIA_PROJECTION_SERVICE);
      Intent permissionIntent = mediaProjectionManager.createScreenCaptureIntent();
      startActivityForResult(permissionIntent, REQUEST_SCREENSHOT);

      @Override
      protected void onActivityResult(int requestCode, int resultCode, Intent data) {
          if (requestCode == REQUEST_SCREENSHOT) {
              if (resultCode == RESULT_OK) {
                  // Start the screen capture session
                  MediaProjection mediaProjection = mediaProjectionManager.getMediaProjection(resultCode, data);
                  mediaProjection.start();
              }
          }
      }

  You can then stop the screen capture session by calling stop() on the MediaProjection object.
- Use the MediaProjectionManager API:
  The MediaProjectionManager API provides a system service that allows you to manage screen capture sessions. You can use this API to programmatically block taking screenshots by checking if a screen capture session is active before allowing the user to take a screenshot.
  To use the MediaProjectionManager API, you can call isProjectionActive() to check if a screen capture session is currently active. If a screen capture session is active, you can prevent the user from taking a screenshot.

      MediaProjectionManager mediaProjectionManager =
              (MediaProjectionManager) getSystemService(Context.MEDIA_PROJECTION_SERVICE);
      if (mediaProjectionManager.isProjectionActive()) {
          // A screen capture session is active, so prevent the user from taking a screenshot
      } else {
          // A screen capture session is not active, so allow the user to take a screenshot
      }
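
The following is an added example, not part of the original entry and not Ostorlab's own code: a small static check that reports where an app sets FLAG_SECURE through Window.setFlags() or addFlags(). It goes beyond the Java call shown above by also covering decompiler output, where the constant is inlined as 8192 (0x2000), and smali. The function names and sample snippets are constructed for illustration.

```python
import re

FLAG_SECURE = 0x2000  # value of WindowManager.LayoutParams.FLAG_SECURE
SRC_CALL = re.compile(r"\b(setFlags|addFlags)\s*\(([^()]*)\)")
SMALI_CONST = re.compile(r"^\s*const(?:/\w+)?\s+(\w+),\s*(-?0x[0-9a-fA-F]+)")
SMALI_CALL = re.compile(r"invoke-virtual \{([^}]*)\}, Landroid/view/Window;->(setFlags|addFlags)\(")

def _has_flag(arg):
    """True if an argument names FLAG_SECURE or is a literal (decompilers inline it) with bit 0x2000."""
    lits = re.findall(r"\b(?:0[xX][0-9a-fA-F]+|\d+)\b", arg)
    numeric = any(int(v, 16 if v[:2].lower() == "0x" else 10) & FLAG_SECURE for v in lits)
    return numeric or re.search(r"\bFLAG_SECURE\b", arg) is not None

def scan_source(text):
    """Return [(line, method)] for Java/Kotlin calls that set FLAG_SECURE."""
    hits = []
    for m in SRC_CALL.finditer(text):
        # setFlags' 2nd argument is only the mask: setFlags(0, FLAG_SECURE) clears the flag
        flags = m.group(2).split(",")[0]
        if _has_flag(flags):
            hits.append((text.count("\n", 0, m.start()) + 1, m.group(1)))
    return hits

def scan_smali(text):
    """Return [(line, method)] for smali calls whose flags register holds 0x2000 (const loads only)."""
    hits, regs = [], {}
    for n, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith(".method"):
            regs = {}  # registers do not carry across methods
        const, call = SMALI_CONST.match(line), SMALI_CALL.search(line)
        if const:
            regs[const.group(1)] = int(const.group(2), 16)
        elif call:
            ops = [r.strip() for r in call.group(1).split(",")]
            # ops[0] is the Window object, ops[1] the flags value
            if len(ops) > 1 and regs.get(ops[1], 0) & FLAG_SECURE:
                hits.append((n, call.group(2)))
    return hits

# Constructed samples, not taken from any real application.
SAMPLE_JAVA = """\
getWindow().setFlags(WindowManager.LayoutParams.FLAG_SECURE,
        WindowManager.LayoutParams.FLAG_SECURE);
getWindow().addFlags(8192);
getWindow().setFlags(0, 8192);
"""
SAMPLE_SMALI = """\
.method protected onCreate(Landroid/os/Bundle;)V
    const/16 v1, 0x2000
    invoke-virtual {v0, v1, v1}, Landroid/view/Window;->setFlags(II)V
"""
```
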
Recommendation
This entry is informative, no recommendations applicable.
Links
- Android Developer FLAG_SECURE
- Android Developer MediaProjection
- Android Developer MediaProjectionManager
Standards
- OWASP_MASVS_L1:
  - MSTG_PLATFORM_4
- OWASP_MASVS_L2:
  - MSTG_PLATFORM_4
- OWASP_MASVS_v2_1:
  - MASVS_PLATFORM_1