Select release
Introduction

Home

Installation

Configuration

Initialization

Common Usage Scenarios

Recommended Responses to Security Issues

Google Play Prominent Disclosure

SafetyNet Google Play Warning

Device Fingerprinting

Troubleshooting

Release Notes

Migration to Version 1.4.x

Migration to Version 1.3.x

Migration to Version 1.2.x

Migration to Version 1.0.x

Runtime Protection

RASP Features Overview

Debugger Detection

Emulator Detection

Root Detection

Repackaging Detection

Screen Sharing Detection

Blocking Screen Readers

Screenshot Blocking and Detection

Screen Recording Detection

Tapjacking Protection

HTTP Proxy Detection

VPN Detection

Screen Lock Usage

Google Play Protect Status

Changing Process Name

Detection of ADB Status

Detection of Developer Options Status

Detection of Biometry Enrollment Status

Detection of Active Call

App Presence Detection

Spoofed Location Detection

Android Auto Detection

Blocking Emulated Input

Activity protection

RASP Observer

Anti-Malware

Anti-Malware Use-Cases

Anti-Malware Feature Overview

Malware Threat Identification

Malware Threat Mitigation

Listening to App Changes

Installer identification

Smart Protection

Smart Protection UI Customization

Obtaining App Info

Screen Recording Detection

View product v1.4.0

Android devices are capable of recording their screen. Frequently a recorded screen is also shared elsewhere (similar to screen sharing). Screen recording can pose a security risk, as sensitive information might be leaking from app screens.

Since Android 15, Malwarelytics for Android is able to detect that the screen is being recorded and can be configured to terminate the app in such a case. Info about the detections is then delivered through the RaspObserver.

The screen recording detection feature is applied to the app’s activities. Details about behavior and APIs relevant to activity protection can be found in Activity protection.

Configuration

This feature can be configured during the Malwarelytics initialization phase:

val raspConfig = RaspConfig.Builder()
    .screenRecording(DetectionConfig)
    // configuration of other RASP features
    .build()

Available values of DetectionConfig:

Value Description
NoAction indicates that a screen recording will not be automatically detected. And a manual check is not possible.
Notify indicates that a screen recording will be automatically detected and observers will be notified.
Exit(
exitUrl: String?)		 indicates that a screen recording will be automatically detected and the app will be terminated when a screen recording or a transient change of display addition is automatically detected.

Screen recording detection defaults to DetectionConfig.Notify.

List of available parameters for some config values:

Parameter Description
exitUrl: String? defines the URL to be opened when the app is terminated because of the automatic detection. Defaults to null.

Usage

After initialization, the screen recording detection feature can be accessed via RaspManager. This can be used to register an observer or to trigger a manual screen recording detection check.

Registering an Observer

The screen recording detection can trigger a certain action. To achieve that, an observer needs to be configured and registered.

Observer configuration:

val raspObserver = object : RaspObserver {
    override fun onScreenRecordingDetected(screenRecordingDetection: ScreenRecordingDetection) {
        // handle screen recording detection
        // delivered only on Android 15+
    }
    // handle detection of other RASP features
}

The observer can be registered in RaspManager. When it is no longer needed, it can be unregistered again.

raspManager.registerRaspObserver(raspObserver)
raspManager.unregisterRaspObserver(raspObserver)

The ScreenRecordingDetection data class contains the following properties:

Property Description
isScreenBeingRecorded: Boolean indicates whether an activity of the app is being recorded.
activityClassName: String? contains the class name of the activity that is being recorded or that just stopped to be recorded. It is null when the screenVisibility value is NO_DATA.
screenVisibility: ScreenRecordingVisibilityStatus indicates whether an activity of the app became visible or invisible in a recording.

Available values of ScreenRecordingVisibilityStatus:

Value Description
BECOMES_VISIBLE An activity of the app becomes visible in a screen recording.
BECOMES_INVISIBLE An activity of the app becomes invisible in a screen recording.
NO_DATA No activity has ever been visible in a screen recording since the SDK has been initialized. Or the feature is not supported for the current version of Android.

Triggering a Manual Check

The screen recording detection check can be triggered manually in RaspManager. Two methods are available – isScreenBeingRecorded() gives a simple boolean answer, whereas getScreenRecordingDetection() provides more details.

val screenRecordingDetection: ScreenRecordingDetection = raspManager.getScreenRecordingDetection()
val isScreenBeingRecorded: Boolean = raspManager.isScreenBeingRecorded()

Details about Returned Data

Data reported via RaspObserver are related to the current changes to screen recording and navigation between the app’s activities. That means every activity becoming visible in a screen recording is reported. On the other hand, when the app stops being visible in a screen recording, it’s reported only for the last activity that was visible in the reporting.

Manual check returns the latest data that were previously reported via RaspObserver. This means:

  • When the app is being recorded, the data will report the current foreground activity being recorded.
  • When the user leaves the app and another app comes to the foreground, the data will report that the last activity stopped being recorded.
  • When the recording stops while the app is in the foreground, the current foreground activity is reported as stopped being recorded.
  • When no screen recording has ever happened, the data reports the NO_DATA value and no activity class name.

The screen recording detection feature is available only on Android 15+. The callbacks are not delivered on older versions of Android regardless of the configuration. Similarly, the manual check methods report valid data only on Android 15+.

More information on general RASP feature configuration and usage can be found in this overview.

Last updated on May 27, 2025 (17:12) View product
On this page:
Search

1.4.x

Malwarelytics for Android