Screenshot Blocking and Detection

Apps containing sensitive information frequently block the system screenshot and screen recording features because of data protection. Users and other apps are then prevented from taking screenshots and recording the device screen when the app is in the foreground.

Sometimes it’s also desired to be able to take a screenshot of the screen. In that case, it’s recommended for the app to detect it, so it can warn the user about the potential risks involved.

Malwarelytics for Android is able to block screenshots and screen recordings on all app screens. And since Android 14, it can also detect taken screenshots when they are not blocked. Info about the detections is then delivered through the RaspObserver.

The screenshot blocking and detection feature is applied to the app’s activities. Details about behavior and APIs relevant to activity protection can be found in Activity protection.

Configuration

This feature can be configured during the Malwarelytics initialization phase:

val raspConfig = RaspConfig.Builder()
    .screenshot(
        ScreenshotConfig.Builder()
            .blockAction(BlockConfig.Block)
            .detectionAction(SimpleDetectionConfig.Notify)
            .build()
    )
    // configuration of other RASP features
    .build()
Method Description
blockAction(BlockConfig) specifies the automatic behavior of the screenshot blocking feature. Defaults to BlockConfig.Block.
detectionAction(SimpleDetectionConfig) specifies the automatic behavior of the screenshot detection feature. Defaults to SimpleDetectionConfig.Notify. Screenshot detection works only on Android 14+.

Available values of BlockConfig:

Value Description
NoAction indicates that screenshots will not be automatically blocked.
Block indicates that screenshots will be automatically blocked.

Available values of SimpleDetectionConfig:

Value Description
NoAction indicates that active calls will not be automatically detected. A manual check is still possible.
Notify indicates that active calls will be automatically detected and observers will be notified.

Usage

After initialization, the screenshot blocking and detection feature can be accessed via RaspManager. This can be used to register an observer for screenshot detections or to fine-tune screenshot blocking on certain screens of the app.

Per Activity Fine-Tuning

App designs sometimes require screenshots to be enabled on some screens and blocked on another screens containing sensitive information. For this reason, Malwarelytics for Android offers a fine-tuning API to change the blocking of screenshots per activity.

Screenshots can be enabled on an activity by calling raspManager.enableScreenshotsOnActivity(activity) and later blocked again by calling raspManager.blockScreenshotsOnActivity(activity). The methods should be called from the main thread.

Both methods can also be used when the screenshot blocking feature is disabled in configuration with raspConfigBuilder.blockScreenshots(false). In such a scenario screenshots can be selectively enabled and later disabled on an activity.

When using the fine-tuning API the app developer is responsible for using it correctly. In the case of fragment-based app designs that means correctly enabling and blocking screenshots in fragments attached to the same activity. The automatic blocking feature controlled by the SDK configuration is triggered only for newly created activities.

Screenshot Detection

Android platform allows screenshot detection since Android 14. Screenshot detection is triggered only when screenshots are not blocked. The configuration of both, screenshot blocking and screenshot detection, features are independent to offer per activity fine-tuning. When screenshots are enabled on some activities and screenshot detection is configured, the detection is delivered in the onScreenshotDetected(ScreenshotDetection) method of the RaspObserver.

The screenshot blocking feature also blocks screen recording. The screen detection feature detects only screenshots. Screen recording can be detected with the screen sharing detection.

Registering an Observer

Screenshot detection can trigger a certain action. To achieve that, an observer needs to be configured and registered.

Observer configuration:

val raspObserver = object : RaspObserver {
    override fun onScreenshotDetected(screenshotDetection: ScreenshotDetection) {
        // handle screenshot detection
        // delivered only on Android 14+
    }
    // handle detection of other RASP features
}

The observer can be registered in RaspManager. When it is no longer needed, it can be unregistered again.

The returned data class ScreenshotDetection contains the activityClassName: String property that contains the class name of the activity that was captured in the screenshot.

The screenshot detection feature is available only on Android 14+. The callbacks are not delivered on older versions of Android regardless of the configuration.

More information on general RASP feature configuration and usage can be found in this overview.

Last updated on Jun 11, 2024 (15:58) View product
Search

1.2.x

Malwarelytics for Android