0

I am developing a HIPAA compliant Android app, which requires that all private or sensitive information displayed on the app be hidden when the user taps the "recent apps" button on an Android phone.

I can show an overlay with no issue, but I can't figure out how to capture when the user taps the "Recent Apps" button on the phone.

I have tried putting this code in my base activity: if

@Override
public void onWindowFocusChanged(boolean hasFocus) {
    super.onWindowFocusChanged(hasFocus);
    if (!hasFocus) {
        if(mInflatedView == null) {
            mInflatedView = View.inflate(this, R.layout.background_overlay, null);
        }

        WindowManager.LayoutParams wlp = new WindowManager.LayoutParams();
        wlp.height = WindowManager.LayoutParams.MATCH_PARENT;
        wlp.width = WindowManager.LayoutParams.MATCH_PARENT;
        wlp.flags = WindowManager.LayoutParams.FLAG_KEEP_SCREEN_ON | WindowManager.LayoutParams.FLAG_LAYOUT_IN_SCREEN;

        WindowManager wm = (WindowManager) getSystemService(Context.WINDOW_SERVICE);
        wm.addView(mInflatedView, wlp);
    }
}

which will display an overlay correctly. However, the method onWindowFocusChanged(false) is actually called after the app screenshot is rendered in the "recent apps" expose view.

Does anyone have any idea how to capture user clicks on the "recent apps" button before the OS brings the apps to the exposed view?

Brett
  • 11,637
  • 34
  • 127
  • 213
  • 1
    "which requires that all private or sensitive information displayed on the app be hidden when the user taps the "recent apps" button on an Android phone" -- [use `FLAG_SECURE`](https://stackoverflow.com/a/9822607/115145). Not only is your approach not possible AFAIK, it doesn't cover screenshots. – CommonsWare Jan 11 '17 at 22:08
  • @CommonsWare Thank you! I hadn't heard of `FLAG_SECURE`. Exactly what I was looking for, and a lot simpler to implement. Post this as an answer and I'll accept. – Brett Jan 11 '17 at 22:11
  • Well, technically, it's a duplicate, so I marked it as such. Be sure to test your app thoroughly, though, as `FLAG_SECURE` has small but unfortunate holes. I mention this in that answer, pointing to [this blog post](https://commonsware.com/blog/2016/06/06/psa-flag-secure-window-leaks.html) which, in turn, points to [this analysis and workarounds](https://github.com/commonsguy/cwac-security/blob/master/docs/FLAGSECURE.md). – CommonsWare Jan 11 '17 at 22:16

0 Answers0