Screen Capture Detection

Some types of apps like banking and financial apps handle a lot of sensitive information. The leakage of this data through screen capture is undesirable and should be prevented.

Malwarelytics for Apple is able to detect that the screen is being captured and can be configured to either hide the screen or terminate the app in that case.

Configuration

let raspConfig = AppProtectionRaspConfig(
    screenCapture: ScreenCaptureDetectionConfig
    // configuration of other RASP features
)

Available values of ScreenCaptureDetectionConfig:

Value Description
.noAction indicates that screen capture will not be automatically detected. A manual check is still possible.
.notify indicates that screen capture will be automatically detected and the delegates will be notified via the screenCapturedChanged(Bool) method.
.hide(
overlay: Overlay)
indicates that the app will hide its content when the screen capture is detected. The delegates will be notified via the screenCapturedChanged(Bool) method.
.exit(
exitUrl: String?)
indicates that the screen capture will be automatically detected and the app will be terminated when the screen capture is automatically detected.

Screen capture detection defaults to .notify.

List of available parameters for some config values:

Parameter Description
overlay: Overlay defines the overlay that will be used to hide the contents of the app. Defaults to .default.
exitUrl: String? defines the URL to be opened when the app is terminated because of the automatic detection. Defaults to nil.

Overlay Configuration

Available value of Overlay:

Value Description
.default defines the default behavior that covers the screen with a solid color and application icon.
.color(
color: UIColor)
defines that the screen will be covered with a solid color.
.image(
image: UIImage)
defines that the screen will be covered with an image.

Usage

After service creation, the screen capture detection feature can be accessed via AppProtectionRasp. This can be used to add a delegate or to trigger a manual screen capture detection check.

Observing Detection

The screen capture detection can trigger a certain action. To achieve that, a delegate needs to be added.

Delegate configuration:

class RaspDelegate: AppProtectionRaspDelegate {

    // other delegate code

    func screenCapturedChanged(isCaptured: Bool) {
        // handle screen capture detection (casting to a different device)
    }
}

The delegate can be added in AppProtectionRasp. When it is no longer needed, it can be removed again.

let raspDelegate = RaspDelegate()
appProtection.rasp.addDelegate(raspDelegate)
appProtection.rasp.removeDelegate(raspDelegate)

Triggering a Manual Check

The screen capture detection check can be triggered manually in AppProtectionRasp by getting the isScreenCaptured property value. A simple Bool answer is given.

let isScreenCaptured = appProtection.rasp.isScreenCaptured

More information on general RASP feature configuration and usage can be found in this overview.

Last updated on Apr 11, 2024 (08:13) View product
Search

develop

Malwarelytics for Apple