2

FLAG_SECURE prevents taking screen pictures and screen mirroring. But FLAG_SECURE doesn't prevent screen sharing over USB. I do screen sharing with scrcpy program. DEVELOPMENT_SETTINGS_ENABLED is not a sufficient solution. How can I prevent scrcpy from grabbing my screen? I have to do this on Android Studio. Is there any other method other than flag_secure?

Semra ÖZKAYA
  • 81
  • 2
  • 9
  • "How can I prevent scrcpy from grabbing my screen?" Why do you need this in practice? What's your use case? – rom1v Feb 26 '21 at 14:50
  • because i don't want to allow my app to screen share. For example, netflix app found a way to block screen sharing with scrcpy @rom1v – Semra ÖZKAYA Feb 26 '21 at 14:58
  • Yes, I was asking for the concrete use case (why don't you want your app to be screenshoted?). Netflix uses DRMs. – rom1v Feb 26 '21 at 17:19

2 Answers2

1

But FLAG_SECURE doesn't prevent screen sharing over USB

I can reproduce the problem. I am somewhat surprised that this works.

I had forgotten the history behind all of this. Originally, scrcpy could not access secure windows. They found a workaround in 2019, and it appears that workaround is being blocked in Android 12.

How can I prevent scrcpy from grabbing my screen?

Your app could refuse to run if you detect that USB debugging is enabled. That will make development painful.

AFAIK, scrcpy works by installing and running an agent on the device that works on behalf of the desktop program. You might see if there are ways to detect that agent. This does not stop other attackers, though, from modifying scrcpy in ways that defeat your agent detection logic.

But there is no FLAG_SECURE_NO_REALLY_I_MEAN_IT_THIS_TIME flag for you to use instead of FLAG_SECURE. Nor is there something else for blocking screen access besides FLAG_SECURE that I am aware of.

CommonsWare
  • 986,068
  • 189
  • 2,389
  • 2,491
  • Thanks for your answer. Netflix Application has disabled screen sharing with scrcpy. Do you have any idea how Netflix did this? – Semra ÖZKAYA Feb 26 '21 at 14:48
  • @SemraÖZKAYA: If you are seeing this only for video playback, my guess is that the issue is DRM encoding on the videos. If you are seeing this for every Netflix screen, then I do not know how they would accomplish that. – CommonsWare Feb 26 '21 at 14:54
  • is it possible to detect that screen casting is in progress? maybe by accessing Cast SDK? – Milan Markovic Mar 11 '21 at 13:39
  • btw, I'm using FLAG_SECURE and testing it using Google Home app, but I can see everything inside my app, not just the popup dialogs. Also, I've checked in my banking app which also uses it (I know because I cant take screenshots), and also the entire contents of my banking app is visible on TV screen. Am I missing something? – Milan Markovic Mar 11 '21 at 13:41
  • 1
    @MilanMarkovic: Personally, I have not tried the combination of `FLAG_SECURE` and any external display options (`Presentation`, launching activities on external displays on Android 8.0+, screen mirroring, etc.). Note that there are many technical options for displaying the content of a phone on an external display, including direct HDMI ports and USB C HDMI adapters, in addition to software casting options like Google Cast. – CommonsWare Mar 11 '21 at 13:48
  • @CommonsWare Thanks a lot, that clarifies it. – Milan Markovic Mar 12 '21 at 11:40
  • @CommonsWare I guess I could manually hide the contents if the external display is detected. Is detection viable using official APIs? – Milan Markovic Mar 12 '21 at 12:01
  • 1
    @MilanMarkovic: For cases where the OS is dealing with the external display directly, you can use `DisplayManager` or `MediaRouter` to find out about changes. That would cover things like HDMI connections, USB C HDMI adapters, or OS-based wireless solutions (e.g., Miracast). I forget to what extent the Cast SDK triggers anything in `DisplayManager` or `MediaRouter`, though. – CommonsWare Mar 12 '21 at 12:11
-1

I was facing the same issue, even after tried with FLAG_SECURE but the best option is to check if the developer option is enabled or not.

Please follow the below solution to check if the developer option is turned on or not.

  public static int devOptions(Context context) {
    int devOptions = Settings.Secure.getInt(context.getContentResolver(), Settings.Global.DEVELOPMENT_SETTINGS_ENABLED, 0);
    return devOptions;
}

if the response is 1 then the developer option is turned on and you can ask the user to turned off first.

Happy Coding...

Kuldeep Jindani
  • 123
  • 8