Select release
Introduction

Home

Installation

Configuration

Recommended Responses to Security Issues

Release Notes

Migration to Version 3.2.x

Runtime Protection

RASP Features Overview

Jailbreak Detection

Debugger Detection

Reverse Engineering Tools Detection

HTTP Proxy Detection

Repackaging Detection

Screen Capture Detection

VPN Detection

Active Call Detection

App Presence Detection

User Screenshot Detection

System Passcode Detection

System Biometry Detection

System Screenshot Detection

View product Print v3.3.0

Some types of applications handle sensitive information (for example banking or financial apps).
When the app goes to the background, iOS creates a system snapshot that is later shown in the App Switcher and in some cases on the lock screen. This snapshot may contain sensitive data.

Malwarelytics for Apple can detect the moment when this snapshot is created and optionally cover the UI with an overlay before it happens.

Configuration

let raspConfig = AppProtectionRaspConfig(
    systemScreenshot: .notify(.background)
    // configuration of other RASP features
)

Available values of SystemScreenshotDetectionConfig:

public enum SystemScreenshotDetectionConfig {
    case noAction
    case notify(_ trigger: SystemScreenshotTrigger = .background)
    case hide(_ overlay: ScreenOverlay = .default,
              _ trigger: SystemScreenshotTrigger = .background)
}
Value Description
noAction System screenshot is not handled automatically. No delegate calls are triggered.
notify(_:) Detection is enabled and the delegate is notified via systemScreenshotDetected(). The SDK does not change the UI.
hide(_:,_:) Detection is enabled, the delegate is notified via systemScreenshotDetected(), and the SDK covers the app UI with the configured overlay.

The default value of systemScreenshot is .notify(.background).

Trigger Configuration

public enum SystemScreenshotTrigger {
    case resignActive
    case background
}
Value Description
resignActive Triggered when UIApplication.willResignActiveNotification is posted. Recommended when you want to protect the App Switcher snapshot.
background Triggered when UIApplication.didEnterBackgroundNotification is posted. Useful when the app should be covered while running in background. The system snapshot may already be taken at this point.

Example:

let raspConfig = AppProtectionRaspConfig(
    systemScreenshot: .hide(.blur, .resignActive)
)

ScreenOverlay Configuration

System screenshot detection uses the same overlay configuration type as screen capture detection: ScreenOverlay.

Value Description
.default defines the default behavior that covers the screen with a solid color and application icon.
.color(
color: UIColor)		 defines that the screen will be covered with a solid color.
.image(
image: UIImage)		 defines that the screen will be covered with an image.
.blur defines that the screen will be covered with a strong system blur over a snapshot of the current app content.
.view(
view: UIView)		 defines a custom view supplied by the application. The SDK stretches it to cover the whole screen.

Usage

After the service is created, the system screenshot detection feature can be accessed via AppProtectionRaspDelegate .
This is typically used to add a delegate that reacts to system screenshot events.
Depending on the configuration, the SDK may also automatically hide the UI using an overlay.

Observing Detection

System screenshot detection can trigger a delegate callback when the configured trigger occurs.
To observe these events, implement the AppProtectionRaspDelegate protocol.

Delegate example:

class RaspDelegate: AppProtectionRaspDelegate {

    // other delegate methods…

    func systemScreenshotDetected() {
        // handle system screenshot event (App Switcher snapshot)
        // react according to the application's own security policy
    }
}

The delegate can be added in AppProtectionRasp. When it is no longer needed, it can be removed again.

let raspDelegate = RaspDelegate()
appProtection.rasp.addDelegate(raspDelegate)
appProtection.rasp.removeDelegate(raspDelegate)

Summary

  • Configure system screenshot handling via AppProtectionRaspConfig.systemScreenshot.
  • Choose a trigger using SystemScreenshotTrigger:
    • .resignActive – recommended for App Switcher protection
    • .background – for background-only coverage
  • ScreenOverlay is used to control how the UI is covered when .hide is selected:
    • built-in overlays (default, color, image, blur)
    • custom overlay: .view(_ view: UIView)
  • If .notify is used, the overlay is not applied; only the delegate callback is delivered.
  • React to events via AppProtectionRaspDelegate.systemScreenshotDetected().
Last updated on Nov 27, 2025 (15:24) View product
On this page:
Search

3.3.x

Malwarelytics for Apple