I have an Activity, which has a Fragment, inside of which is a ViewPager of images. In the ViewPager, there might be certain images which are sensitive, and the viewer should not be able to take a screenshot of (only) those. When such an item shows, I do:

`fragment.getActivity().getWindow().addFlags(WindowManager.LayoutParams.FLAG_SECURE);`

And then in that fragment's onDestroy (or ViewPager's swipe), I clear that flag on the window.

This works perfectly on Android versions 6.0 and above: when that particular image is open, screenshots are blocked.

However, on Android 5.x and below, the flag update does not take place till there's a configuration change on the hosting Activity.

Does anyone know why this happens? And what's the best workaround?

I found some references here on StackOverflow, talking about the problem and a workaround, but (a) nothing explains why there's this discrepancy and (b) the workaround suggested is very, very high friction: it flashes the entire screen black. References: How to disable screen capture in Android fragment?

Rohan Dhruva
  • "I don't want the user to screenshot" -- what does the *user* want? – CommonsWare May 10 '17 at 00:13
  • @CommonsWare, good question: my framing is probably a little off. I'll update to clarify. In this case, the people creating the photos are not the same as people viewing the photos. Imagine a set of pictures where some of them are sensitive enough that the producer doesn't want the viewer to screenshot it. As an app, I'm respecting the producer's wishes, even though it might not be what the viewer wanted. – Rohan Dhruva May 10 '17 at 01:55
  • `FLAG_SECURE` is not DRM. Users can copy the images anyway (root the device and copy them from where you have them cached, use another device to take a photo of the screen, etc.). – CommonsWare May 10 '17 at 11:10
  • @CommonsWare, yes, this is an attempt to block the "low effort" methods like screenshots. Another use case for this might be a fragment that takes credit card information as input, which we don't want screenshotted, but the remainder of the app doesn't need `FLAG_SECURE`. – Rohan Dhruva May 10 '17 at 17:39
  • IMHO, secure elements like credit card forms need to be standalone. `FLAG_SECURE` has [issues](https://commonsware.com/blog/2016/06/06/psa-flag-secure-window-leaks.html) on top of [issues](https://commonsware.com/blog/2017/04/25/flag_secure-android-o-autofill.html) even in the best of times. IMHO, playing games ("I want *this* piece of the UI to be private, but not the rest, and only under these situations") increases the odds of privacy-leak bugs. – CommonsWare May 10 '17 at 17:43

0 Answers
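
Added example, not part of the original question or comments: one way to follow the "standalone" suggestion in the last comment is to show sensitive images in a dedicated Activity that sets `FLAG_SECURE` in `onCreate`, before any content is attached, so the flag is never toggled on a window that is already showing. `SecureImageActivity`, `intentFor` and the extra key are hypothetical names chosen for this sketch.

```java
import android.app.Activity;
import android.content.Context;
import android.content.Intent;
import android.net.Uri;
import android.os.Bundle;
import android.view.WindowManager;
import android.widget.ImageView;

/**
 * Hypothetical standalone viewer for sensitive images (added example).
 * Declare it in the manifest with android:exported="false" so only this
 * app can launch it.
 */
public class SecureImageActivity extends Activity {

    // Assumed extra key; any app-unique string works.
    private static final String EXTRA_IMAGE_URI = "com.example.extra.IMAGE_URI";

    /** Builds the launch Intent so callers never touch the extra key. */
    public static Intent intentFor(Context context, Uri imageUri) {
        return new Intent(context, SecureImageActivity.class)
                .putExtra(EXTRA_IMAGE_URI, imageUri);
    }

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);

        // Set the flag before setContentView(): the window is created
        // secure, so no later flag update (the step the question reports
        // as not taking effect on Android 5.x) is needed.
        getWindow().setFlags(
                WindowManager.LayoutParams.FLAG_SECURE,
                WindowManager.LayoutParams.FLAG_SECURE);

        Uri imageUri = getIntent().getParcelableExtra(EXTRA_IMAGE_URI);
        if (imageUri == null) {
            // Fail closed: nothing to show, so do not render an empty window.
            finish();
            return;
        }

        ImageView imageView = new ImageView(this);
        imageView.setImageURI(imageUri);
        setContentView(imageView);
    }
}
```

The pager would show a placeholder for a sensitive item and call `startActivity(SecureImageActivity.intentFor(context, uri))` when it is opened, leaving the hosting Activity's window flags untouched.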