7

I am developing an Android application that places a high priority on protecting the user's data, to the point of storing nothing in persistent memory on the local device.

To further protect user data, we want to make a web-service call to our server whenever someone attempts to take a screenshot of the active application.

Solutions that I have seen so far include this snippet intended to prevent the screenshot from being taken and throwing a screenshot failure message in a Toast at the user. Another approach I was considering was listening for the combination of Volume Down and Power button that some devices use to take screenshots (though devices such as the Samsung S4 deviate from this method). My last resort was going to use a FileObserver in the location of the screenshot Gallery for changes while the app is running, but that also seems like a sub-optimal solution and introduces a Permission request that I'd rather not have. I also can't be sure of the file destination for the images.

I believe the Snapchat app is able to alert participants when a remote user attempts to take a screenshot. Do you have any suggestions on how this feature might be implemented, short of rooting the device? Non-official methods are welcome as well.

Community
  • 1
  • 1
Brandon Dockery
  • 185
  • 1
  • 8
  • 3
    Don't forget that a user can take a photo of their screen and share the sensitive data anyway. Also, nothing prevents them from hooking up their device with a usb cable to their computer and take a screenshot via adb. Although, here may be an answer that you are looking for: http://stackoverflow.com/a/9822607/379245 – BVB Jul 01 '14 at 03:57
  • 1
    Thanks! I realize that it will never be 100% secure, and that any user who really wants to can preserve the data undetected. Due to the app's function, however, and the environment in which it would be used, there is little risk of the screen being photographed or screen-grabbed using DDMS. We are, however, trying to put in as many measures as possible to prevent this through the device. The link you posted is essentially the code snippet in my first link, and in the end that may be all I can do. I was interested to how applications such as Snapchat were able to report this, though. – Brandon Dockery Jul 01 '14 at 04:04
  • 1
    Ultimately I wound up using the FLAG_SECURE param on my window. So far it seems to prevent normal screenshots on ICS+ and through DDMS. I'm not sure whether it could be circumvented by someone with root access though. Any ideas on whether it's vulnerable to that? – Brandon Dockery Jul 08 '14 at 03:34
  • I believe that with root, you can pretty much work around most things, so I would assume that taking a screenshot with root would still be possible. – BVB Jul 08 '14 at 16:36

1 Answers1

0

FLAG_SECURE is probably the best way to avoid screenshots in a window, but as some commenters say here it has some workarounds.

Maybe this answer solves the question about how do they do it in Snapchat to detect when a screenshot has been taken.

Community
  • 1
  • 1
Hugo
  • 1,662
  • 18
  • 35