This document details ways to monitor sensitive activities, such as user logins and online purchases.
FLAG_SECURE
FLAG_SECURE is a Window flag that tells Android not to allow screenshots
or to display the window view on a non-secure display (such as Casting the
screen). This is useful for applications that need to protect sensitive
information, like banking apps or password managers. When a window is flagged
with FLAG_SECURE, Android prevents screenshots from being taken and prevents
the window from being displayed on a non-secure display, such as a TV or
projector. This helps to protect the information that is being displayed in the
window from being accessed by unauthorized people.
How this helps mitigate fraud
A malicious app or entity might retrieve background screenshots. When the state
of your app changes to the background, FLAG_SECURE can be used. When the
screenshot is taken the resulting image is blank.
FLAG_SECURE also helps with remote screen sharing use cases. It isn't always a
malicious app that will retrieve screenshots, legitimate screen sharing apps are
also commonly found used in fraudulent situations.
Implementation
For views with the information you want protected, add the following:
Kotlin
window?.setFlags(
WindowManager.LayoutParams.FLAG_SECURE,
WindowManager.LayoutParams.FLAG_SECURE
)
Java
window.setFlags( WindowManager.LayoutParams.FLAG_SECURE, WindowManager.LayoutParams.FLAG_SECURE );
Best practices
It is important to note that this approach isn't reliable in preventing overlay
attacks. In some cases it does not correctly predict if screen recording is
active, however it does cover most use cases. To mitigate overlay attacks, read
the next section about HIDE_OVERLAY_WINDOWS permissions.
HIDE_OVERLAY_WINDOWS
HIDE_OVERLAY_WINDOWS is a permission added in Android 12 where your app can
opt-out of having application overlays drawn over it. In Android 12 we have made
it harder to acquire the SYSTEM_ALERT_WINDOW permission, essentially
allowing your app to block overlays from third-party apps.
How this helps mitigate fraud
When you enable the HIDE_OVERLAY_WINDOWS permission you are opting out of
having application overlays drawn on top of your app. This permission provides a
protection mechanism against cloak and dagger attacks.
Implementation
To enable this permission, add HIDE_OVERLAY_WINDOWS to your project's
manifest.
Best practices
As with any permission, you should trust any overlay app at least as much as you trust any other app on the device. In other words, your app shouldn't allow other apps to draw overlays over it unless you know the other app is trustworthy. Allowing an app to draw over other apps can be dangerous because it can steal passwords or read messages.