Update test and add new demos for screenshot prevention in Android #3457
…stem-generated and user-initiated snapshots, and their security implications.
…ks of screenshots, screen recordings, and nonsecure displays, while emphasizing the use of FLAG_SECURE for enhanced security.
…management in Android
…DEMO-0061
- Revise title and sample description to clarify the use of FLAG_SECURE in Activities and Dialogs.
- Enhance the implementation in `MastgTest.kt` to demonstrate setting and clearing FLAG_SECURE for both Activity and Dialog.
- Update `MastgTest_reversed.java` to reflect changes in the FLAG_SECURE handling.
- Modify output.txt to include multiple code findings related to FLAG_SECURE usage.
…sitive data handling
…etailed guidelines for FLAG_SECURE and Recents screenshot handling in Android 13+
…re-android-screenshots-testing
Pull Request Overview
This PR updates test and documentation for screenshot prevention in Android, adding comprehensive coverage for FLAG_SECURE, setRecentsScreenshotEnabled, and Compose dialog security. It provides new guidance for identifying sensitive screens and handling recents screenshots on Android 13+.
- Expanded test documentation with detailed guidelines for UI components, SurfaceViews, and Compose dialogs
- Added new semgrep rules for detecting improper FLAG_SECURE usage and recents screenshot handling
- Created comprehensive demo examples showing both correct and incorrect implementations
Reviewed Changes
Copilot reviewed 20 out of 20 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| tests-beta/android/MASVS-PLATFORM/MASTG-TEST-0291.md | Expanded with detailed guidelines for FLAG_SECURE usage across different UI components |
| rules/mastg-android-sensitive-data-in-screenshot.yml | Added new detection rules for FLAG_SECURE clearing and recents screenshot control |
| prerequisites/identify-sensitive-screens.md | New guidance for identifying screens requiring screenshot protection |
| knowledge/android/MASVS-STORAGE/MASTG-KNOW-0053.md | Updated with system vs user-initiated screenshot distinctions |
| demos/android/MASVS-PLATFORM/MASTG-DEMO-0061/ | Enhanced demo showing FLAG_SECURE setting and clearing patterns |
| demos/android/MASVS-PLATFORM/MASTG-DEMO-0062/ | New demo for recents screenshot control via setRecentsScreenshotEnabled |
| demos/android/MASVS-PLATFORM/MASTG-DEMO-0063/ | New demo for Compose dialog security policies |
| best-practices/MASTG-BEST-0014.md | Updated with comprehensive screenshot prevention guidance |
…On for Compose components
…t practices for overlay attacks
Pull Request Overview
Copilot reviewed 34 out of 34 changed files in this pull request and generated 4 comments.
Co-authored-by: Copilot <[email protected]>
…re-android-screenshots-testing
| weakness: MASWE-0055 | ||
| status: placeholder | ||
| note: This test verifies whether an app prevents sensitive data from being captured in screenshots and screen recordings of `SurfaceView` components. | ||
| threat: [app, root] |
| threat: [app, root] | |
| threat: [app, root, user-computer] |
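Review bot: the suggested `threat: [app, root, user-computer]` broadens the threat model this `SurfaceView` test claims to cover compared with the original `[app, root]`; the same list appears in the Compose dialog test in this PR, so keep the two in sync. The frontmatter also still carries `status: placeholder` even though the `note:` already states what the test verifies, so confirm that status is intended.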
| weakness: MASWE-0055 | ||
| status: placeholder | ||
| note: This test verifies whether an app prevents sensitive data from being captured in screenshots and screen recordings of Jetpack Compose dialogs. | ||
| threat: [app, root] |
| threat: [app, root] | |
| threat: [app, root, user-computer] |
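Review bot: this mirrors the `user-computer` addition suggested for the `SurfaceView` test, so the two new placeholder tests (MASWE-0055) now share one threat list; if that list changes again, change both together rather than one at a time.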
|
|
||
| Using `FLAG_SECURE` consistently on all UI components as indicated in @MASTG-BEST-0014 helps prevent system-generated snapshots from showing sensitive data in the [Recents screen](https://developer.android.com/guide/components/activities/recents) when the app is backgrounded. However, getting it right can be challenging, as there's no global setting to enforce it across the entire app. | ||
|
|
||
| Starting with Android 13 (API level 33), you can use [`setRecentsScreenshotEnabled(false)`](https://developer.android.com/reference/android/app/Activity#setRecentsScreenshotEnabled(boolean)) to ensure that the app's content is not shown in the Recents screen when backgrounded. |
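Review bot: the first paragraph says there is no global setting to enforce `FLAG_SECURE`, and the second scopes `setRecentsScreenshotEnabled(false)` to Android 13 (API level 33) and above, but nothing states what applies on Android 12 and lower. Add a sentence saying that no equivalent API exists on earlier versions and that the `FLAG_SECURE`-on-every-window guidance from the first paragraph remains the only control there, so readers do not take the second paragraph as superseding the first.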
Is there any way to prevent it on earlier Android versions? I tried setting Visibility.GONE on some views in Activity.onPause() and Activity.onUserLeaveHint() but these functions are invoked too late.
This is new, that's why I started it with "Starting with Android 13 (API level 33)," should we add a clarification that no equivalent methods exist in previous Android versions?
I think we should at least mention the state on the previous Android versions if we can't really find a nice work-around for it.
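The following Kotlin is an added illustration, not code from this PR or from the MASTG demos (`MastgTest.kt`), of how the two controls discussed in the thread combine. Since Android has no global setting for `FLAG_SECURE`, the closest substitute is an `ActivityLifecycleCallbacks` hook that secures every Activity window as it is created; `Dialog` windows and Compose dialogs are separate windows and need their own handling; and `setRecentsScreenshotEnabled(false)` is gated on API level 33, with `FLAG_SECURE` as the only control on earlier versions. The class name `SecureApp` and the helper function names are assumptions made for this example.

```kotlin
// Added example (not from the PR or the MASTG demos). Names such as
// SecureApp, secureWindow, secureDialog and SecureComposeDialog are illustrative.
import android.app.Activity
import android.app.Application
import android.app.Dialog
import android.os.Build
import android.os.Bundle
import android.view.WindowManager
import androidx.compose.runtime.Composable
import androidx.compose.ui.window.Dialog as ComposeDialog
import androidx.compose.ui.window.DialogProperties
import androidx.compose.ui.window.SecureFlagPolicy

class SecureApp : Application() {
    override fun onCreate() {
        super.onCreate()
        // There is no app-wide FLAG_SECURE switch, so hook every Activity at
        // creation time. Application.onCreate runs before any Activity exists.
        registerActivityLifecycleCallbacks(object : ActivityLifecycleCallbacks {
            override fun onActivityCreated(activity: Activity, savedInstanceState: Bundle?) {
                secureWindow(activity)
            }
            override fun onActivityStarted(activity: Activity) {}
            override fun onActivityResumed(activity: Activity) {}
            override fun onActivityPaused(activity: Activity) {}
            override fun onActivityStopped(activity: Activity) {}
            override fun onActivitySaveInstanceState(activity: Activity, outState: Bundle) {}
            override fun onActivityDestroyed(activity: Activity) {}
        })
    }
}

/** Secures an Activity window and, on Android 13+, keeps it out of Recents snapshots. */
fun secureWindow(activity: Activity) {
    // FLAG_SECURE blocks screenshots, screen recording and non-secure displays,
    // and stops system snapshots showing the content in Recents. The flag is set
    // once here and never cleared for the lifetime of the window.
    activity.window.addFlags(WindowManager.LayoutParams.FLAG_SECURE)
    // setRecentsScreenshotEnabled exists only from API level 33; on earlier
    // versions there is no equivalent call, so FLAG_SECURE above is the fallback.
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
        activity.setRecentsScreenshotEnabled(false)
    }
}

/** A Dialog has its own window, so the Activity's flag does not cover it. */
fun secureDialog(dialog: Dialog) {
    dialog.window?.addFlags(WindowManager.LayoutParams.FLAG_SECURE)
}

/** Compose dialogs take the policy through DialogProperties instead of a window flag. */
@Composable
fun SecureComposeDialog(onDismiss: () -> Unit, content: @Composable () -> Unit) {
    ComposeDialog(
        onDismissRequest = onDismiss,
        properties = DialogProperties(securePolicy = SecureFlagPolicy.SecureOn)
    ) {
        content()
    }
}
```

Register `SecureApp` as the `android:name` of the `<application>` element in the manifest, call `secureDialog(dialog)` before `dialog.show()`, and use `SecureComposeDialog` in place of a plain Compose `Dialog`. The lifecycle hook guarantees that an Activity added later cannot be forgotten, which is the gap the "no global setting" sentence in the PR text describes; the two dialog helpers close the remaining gap for windows the hook does not see.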