Merge pull request #9 from algorandfoundation/feat/prevent-screenshots

feat: prevent screenshots of sensitive data.

Author: bwmx

__tests__/lib/screenshotManager-test.ts

@@ -0,0 +1,148 @@
+/**
+ * Tests for lib/screenshotManager.ts
+ *
+ * Because screenshotManager is a singleton, each test uses jest.resetModules()
+ * + a fresh require() so state never leaks between cases.
+ *
+ * enable() / disable() / reset() return the internal queue promise, so tests
+ * can await the returned value directly instead of relying on setImmediate.
+ */
+
+import type { screenshotManager as ScreenshotManagerType } from "../../lib/screenshotManager";
+
+describe("ScreenshotManager", () => {
+  let manager: typeof ScreenshotManagerType;
+  let mockPrevent: jest.Mock;
+  let mockAllow: jest.Mock;
+
+  beforeEach(() => {
+    jest.resetModules();
+
+    mockPrevent = jest.fn().mockResolvedValue(undefined);
+    mockAllow = jest.fn().mockResolvedValue(undefined);
+
+    // Register fresh mock factory after resetting the module registry.
+    jest.mock("expo-screen-capture", () => ({
+      preventScreenCaptureAsync: mockPrevent,
+      allowScreenCaptureAsync: mockAllow,
+    }));
+
+    ({ screenshotManager: manager } =
+      // eslint-disable-next-line @typescript-eslint/no-require-imports
+      require("../../lib/screenshotManager") as {
+        screenshotManager: typeof ScreenshotManagerType;
+      });
+  });
+
+  // ── basic enable / disable ────────────────────────────────────────────────
+
+  it("single enable() calls preventScreenCaptureAsync once", async () => {
+    await manager.enable();
+
+    expect(mockPrevent).toHaveBeenCalledTimes(1);
+    expect(mockAllow).not.toHaveBeenCalled();
+  });
+
+  it("multiple enable() calls only invoke preventScreenCaptureAsync once", async () => {
+    await manager.enable();
+    await manager.enable();
+    await manager.enable();
+
+    expect(mockPrevent).toHaveBeenCalledTimes(1);
+    expect(mockAllow).not.toHaveBeenCalled();
+  });
+
+  it("enable() × 2 then disable() × 1 does not call allowScreenCaptureAsync", async () => {
+    await manager.enable();
+    await manager.enable();
+
+    await manager.disable();
+
+    expect(mockAllow).not.toHaveBeenCalled();
+  });
+
+  it("enable() × 2 then disable() × 2 calls allowScreenCaptureAsync once", async () => {
+    await manager.enable();
+    await manager.enable();
+
+    await manager.disable();
+    await manager.disable();
+
+    expect(mockPrevent).toHaveBeenCalledTimes(1);
+    expect(mockAllow).toHaveBeenCalledTimes(1);
+  });
+
+  it("disable() when count is already 0 does not call any API", async () => {
+    await manager.disable();
+
+    expect(mockPrevent).not.toHaveBeenCalled();
+    expect(mockAllow).not.toHaveBeenCalled();
+  });
+
+  // ── failure resilience ────────────────────────────────────────────────────
+
+  it("preventScreenCaptureAsync failure leaves enabled=false so next enable() retries", async () => {
+    mockPrevent.mockRejectedValueOnce(new Error("permission denied"));
+
+    await manager.enable();
+
+    expect(mockPrevent).toHaveBeenCalledTimes(1);
+
+    // enabled is still false internally — a subsequent enable() must retry.
+    await manager.enable();
+
+    expect(mockPrevent).toHaveBeenCalledTimes(2);
+  });
+
+  it("allowScreenCaptureAsync failure leaves enabled=true so next disable() retries", async () => {
+    await manager.enable();
+
+    mockAllow.mockRejectedValueOnce(new Error("system error"));
+
+    await manager.disable();
+
+    expect(mockAllow).toHaveBeenCalledTimes(1);
+
+    // enabled is still true internally — a subsequent disable() must retry.
+    await manager.disable();
+
+    expect(mockAllow).toHaveBeenCalledTimes(2);
+  });
+
+  // ── queue serialisation ───────────────────────────────────────────────────
+
+  it("rapid enable/disable/enable settles with prevention active", async () => {
+    // All three must be enqueued synchronously so the queue coalesces them.
+    // By the time all updates run, count=1 and the intermediate disable
+    // transition is a no-op (enabled stays true after the first enable).
+    manager.enable();
+    manager.disable();
+    await manager.enable();
+
+    expect(mockPrevent).toHaveBeenCalledTimes(1);
+    expect(mockAllow).not.toHaveBeenCalled();
+  });
+
+  // ── reset ─────────────────────────────────────────────────────────────────
+
+  it("reset() while enabled forces allowScreenCaptureAsync and clears count", async () => {
+    await manager.enable();
+    await manager.enable(); // count=2, enabled=true
+
+    await manager.reset(); // count=0 → should disable
+
+    expect(mockAllow).toHaveBeenCalledTimes(1);
+
+    // Further disable() should be a no-op (count already 0, enabled already false).
+    await manager.disable();
+
+    expect(mockAllow).toHaveBeenCalledTimes(1);
+  });
+
+  it("reset() when already disabled is a no-op", async () => {
+    await manager.reset();
+
+    expect(mockPrevent).not.toHaveBeenCalled();
+    expect(mockAllow).not.toHaveBeenCalled();
+  });
+});

app/_layout.tsx

@@ -15,6 +15,7 @@ import {registerGlobals} from "react-native-webrtc";
 import { globalPolyfill, setupNavigatorPolyfill } from "@/lib/polyfill";
 import ReactNativePasskeyAutofill from "@algorandfoundation/react-native-passkey-autofill";
 import { CredentialProviderService } from "@/lib/credentialProvider";
+import { PreventScreenshotProvider } from "@/providers/PreventScreenshotProvider";
 import React from "react";
 
 globalPolyfill()
@@ -139,10 +140,12 @@ export default function RootLayout() {
   });
 
   return (
-    <WalletProvider
-      provider={provider}
-    >
-      <Stack />
-    </WalletProvider>
+    <PreventScreenshotProvider>
+      <WalletProvider
+        provider={provider}
+      >
+        <Stack />
+      </WalletProvider>
+    </PreventScreenshotProvider>
   )
 }

app/import.tsx

@@ -7,6 +7,7 @@ import { MaterialIcons } from '@expo/vector-icons';
 import { wordlist } from '@scure/bip39/wordlists/english.js';
 import { validateMnemonic, mnemonicToSeed } from '@scure/bip39';
 import { useProvider } from '@/hooks/useProvider';
+import { PreventScreenshot } from '@/components/PreventScreenshot';
 
 // Extract provider configuration from expo-constants
 const config = Constants.expoConfig?.extra?.provider || {
@@ -138,18 +139,20 @@ export default function ImportWalletScreen() {
 
           <View style={styles.importInputContainer}>
             <Text style={styles.importLabel}>Recovery Phrase (24 words)</Text>
-            <TextInput
-              style={styles.importTextInput}
-              multiline
-              numberOfLines={8}
-              placeholder="Enter your 24-word recovery phrase here...&#10;word1 word2 word3 ..."
-              placeholderTextColor="#94A3B8"
-              value={importText}
-              onChangeText={setImportText}
-              autoCapitalize="none"
-              autoCorrect={false}
-              textAlignVertical="top"
-            />
+            <PreventScreenshot>
+              <TextInput
+                style={styles.importTextInput}
+                multiline
+                numberOfLines={8}
+                placeholder="Enter your 24-word recovery phrase here...&#10;word1 word2 word3 ..."
+                placeholderTextColor="#94A3B8"
+                value={importText}
+                onChangeText={setImportText}
+                autoCapitalize="none"
+                autoCorrect={false}
+                textAlignVertical="top"
+              />
+            </PreventScreenshot>
             <Text style={styles.importHelper}>
               Words entered: {importText.split(/\s+/).filter(w => w.length > 0).length} / 24
             </Text>

app/onboarding.tsx

@@ -13,6 +13,7 @@ import * as bip39 from '@scure/bip39';
 import { useProvider } from '@/hooks/useProvider'
 import { mnemonicToSeed } from '@scure/bip39'
 import ReactNativePasskeyAutofill from "@algorandfoundation/react-native-passkey-autofill";
+import { PreventScreenshot } from '@/components/PreventScreenshot';
 
 
 // Extract provider configuration from expo-constants
@@ -237,7 +238,7 @@ export default function OnboardingScreen() {
               </View>
 
               {!isBackupVerified && (
-                <>
+                <PreventScreenshot enabled={isPhraseVisible}>
                   <SeedPhrase
                     recoveryPhrase={recoveryPhrase || []}
                     showSeed={isPhraseVisible}
@@ -247,7 +248,7 @@ export default function OnboardingScreen() {
                     }
                     primaryColor={primaryColor}
                   />
-                </>
+                </PreventScreenshot>
               )}
             </ScrollView>
 

components/PreventScreenshot.tsx

@@ -0,0 +1,12 @@
+import { usePreventScreenshot } from "@/hooks/usePreventScreenshot";
+
+type Props = {
+  enabled?: boolean;
+  children: React.ReactNode;
+};
+
+export function PreventScreenshot({ enabled = true, children }: Props) {
+  usePreventScreenshot(enabled);
+
+  return <>{children}</>;
+}

hooks/usePreventScreenshot.ts

@@ -0,0 +1,18 @@
+import { screenshotManager } from "@/lib/screenshotManager";
+import { useEffect } from "react";
+
+export function usePreventScreenshot(enabled = true) {
+  useEffect(() => {
+    if (!enabled) return;
+
+    void screenshotManager.enable().catch((error) => {
+      console.error("Failed to enable screenshot prevention: ", error);
+    });
+
+    return () => {
+      void screenshotManager.disable().catch((error) => {
+        console.error("Failed to disable screenshot prevention: ", error);
+      });
+    };
+  }, [enabled]);
+}

lib/screenshotManager.ts

@@ -0,0 +1,52 @@
+import * as ScreenCapture from "expo-screen-capture";
+
+class ScreenshotManager {
+  private count = 0;
+  private enabled = false;
+  private queue: Promise<void> = Promise.resolve();
+
+  private async update() {
+    const shouldEnable = this.count > 0;
+
+    if (shouldEnable === this.enabled) return;
+
+    const currentCount = this.count; // Capture the current count for logging
+
+    if (shouldEnable) {
+      await ScreenCapture.preventScreenCaptureAsync();
+      this.enabled = true;
+      console.debug("Screenshot prevention enabled. Count:", currentCount);
+    } else {
+      await ScreenCapture.allowScreenCaptureAsync();
+      this.enabled = false;
+      console.debug("Screenshot prevention disabled. Count:", currentCount);
+    }
+  }
+
+  private enqueue(): Promise<void> {
+    this.queue = this.queue
+      .then(() => this.update())
+      .catch((error) => {
+        // Swallow the error so that subsequent operations are not blocked.
+        console.error("Failed to update screenshot capture state: ", error);
+      });
+    return this.queue;
+  }
+
+  enable(): Promise<void> {
+    this.count++;
+    return this.enqueue();
+  }
+
+  disable(): Promise<void> {
+    this.count = Math.max(0, this.count - 1);
+    return this.enqueue();
+  }
+
+  reset(): Promise<void> {
+    this.count = 0;
+    return this.enqueue();
+  }
+}
+
+export const screenshotManager = new ScreenshotManager();

package-lock.json

@@ -48,6 +48,7 @@
     "expo-image": "~3.0.11",
     "expo-linking": "~8.0.11",
     "expo-router": "~6.0.23",
+    "expo-screen-capture": "~8.0.9",
     "expo-splash-screen": "~31.0.13",
     "expo-status-bar": "~3.0.9",
     "expo-symbols": "~1.0.8",

package.json

@@ -0,0 +1,20 @@
+import { screenshotManager } from "@/lib/screenshotManager";
+import React, { useEffect } from "react";
+
+// Not really a provider, but this is where we can do the safety reset on unmount
+export function PreventScreenshotProvider({
+  children,
+}: {
+  children: React.ReactNode;
+}) {
+  useEffect(() => {
+    return () => {
+      // Safety reset when app unmounts
+      screenshotManager.reset().catch((error) => {
+        console.error("Failed to reset screenshot manager on unmount: ", error);
+      });
+    };
+  }, []);
+
+  return <>{children}</>;
+}