Skip to content
This repository was archived by the owner on Jun 20, 2023. It is now read-only.

Hide app content in app launcher (EXPOSUREAPP-2612) #1390

Merged
merged 1 commit into from
Oct 26, 2020
Merged

Hide app content in app launcher (EXPOSUREAPP-2612) #1390

merged 1 commit into from
Oct 26, 2020

Conversation

@ralfgehrer
Copy link
Contributor

@ralfgehrer ralfgehrer commented Oct 13, 2020

Description

  • The app preview in the app launcher is blank (no content)
  • The ability to create screenshots withing the app is not affected

How to test
Run the app and validate the above-mentioned criteria on any screen you can navigate to:

  • You should be able to take screenshots of any screen
  • The app launcher shall not show the app's content (on none-rooted devices)

Screenshots
Screenshot_20201013-113702
Screenshot_20201013-113712

@ralfgehrer ralfgehrer added the maintainers Tag pull requests created by maintainers label Oct 13, 2020
@ralfgehrer ralfgehrer added this to the 1.6.0 milestone Oct 13, 2020
@ralfgehrer ralfgehrer requested a review from a team October 13, 2020 09:45
@d4rken
Copy link
Member

d4rken commented Oct 13, 2020

Works on a Huawei CLT-L09 (Android 8.1.0):
device-2020-10-13-140333

Works on a Pixel 3a Emulator (Android 11):
device-2020-10-13-141526

Doesn't work on a rooted Pixel 3a (Android 11):
device-2020-10-13-140120

So is the flag here automatically ignored if the device is rooted? Seems weird 🤔 Does it check the unlocked bootloader?

@ralfgehrer
Copy link
Contributor Author

ralfgehrer commented Oct 13, 2020

Works on a Huawei CLT-L09 (Android 8.1.0):
device-2020-10-13-140333

Works on a Pixel 3a Emulator (Android 11):
device-2020-10-13-141526

Doesn't work on a rooted Pixel 3a (Android 11):
device-2020-10-13-140120

So is the flag here automatically ignored if the device is rooted? Seems weird 🤔 Does it check the unlocked bootloader?

see https://developer.android.com/reference/android/view/Display#FLAG_SECURE

Seems to me, that on rooted devices, the app launcher can choose itself what to show, and as the app sandboxing is circumvented the encrypted data can be accessed nevertheless. Hence several posts mentioned that the flag is not reliable on rooted devices.

d4rken
d4rken previously approved these changes Oct 13, 2020
View reviewed changes
Copy link
Member

@d4rken d4rken left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, if possible confirm behavior on an unrooted Pixel 3a (API30), but not a blocker, current behavior is already better than before.

harambasicluka
harambasicluka previously approved these changes Oct 13, 2020
View reviewed changes
@BMItr
Copy link
Contributor

BMItr commented Oct 13, 2020

IMG_5142
not working on Moto (Android 7) & Huawei (Android 6)

@BMItr BMItr dismissed stale reviews from harambasicluka and d4rken via a671065 October 13, 2020 15:35
@ralfgehrer
Copy link
Contributor Author

ralfgehrer commented Oct 13, 2020

@d4rken tested in a non-rooted Pixel 3A. Same behavior as on the rooted one.
With @bmitter's changes, screenshots are disabled. We can only have one of the two options:
a) reliably hide app content in the launcher but disable screenshots within the app
OR
b) hide app content in the launcher for some devices but allow screenshots within the app.

@d4rken
Copy link
Member

d4rken commented Oct 14, 2020

I think screenshots should not be disabled. I don't think an app should tell the user what he/she can do with their device. If they want to take a screenshot, they can drop their phone on a copier 🤷, disabling it just makes it cumbersome. If someone wants to take screenshots, let them.

I also don't see a huge risk with the app content showing in the launcher, if the device is locked, no one can see it, if the device is unlocked, someone can just open the app and view it. While I agree that you may show someone else your device and could inadvertently reveal the corona app's screen content, I don't think it's an important enough "feature" to warrant disabling screenshots.

Final decision probably lies with the POs here then.

@harambasicluka harambasicluka marked this pull request as draft October 14, 2020 11:17
@ralfgehrer ralfgehrer force-pushed the feature/EXPOSUREAPP-2612-disable-screenshots branch from a671065 to b91ae41 Compare October 23, 2020 13:41
@ralfgehrer ralfgehrer force-pushed the feature/EXPOSUREAPP-2612-disable-screenshots branch from b91ae41 to efa96e3 Compare October 23, 2020 13:48
@ralfgehrer ralfgehrer marked this pull request as ready for review October 23, 2020 13:48
BMItr
BMItr approved these changes Oct 23, 2020
View reviewed changes
Copy link
Contributor

@BMItr BMItr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

already tested, with known result. approved

@sonarqubecloud
Copy link

sonarqubecloud bot commented Oct 23, 2020

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities (and Security Hotspot 0 Security Hotspots to review)
Code Smell A 0 Code Smells

0.0% 0.0% Coverage
0.0% 0.0% Duplication

@ralfgehrer ralfgehrer merged commit 227e92e into release/1.6.x Oct 26, 2020
@ralfgehrer ralfgehrer deleted the feature/EXPOSUREAPP-2612-disable-screenshots branch October 26, 2020 07:11
@heinezen heinezen mentioned this pull request May 9, 2021
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

3 more reviewers

@d4rken d4rken d4rken approved these changes

@BMItr BMItr BMItr approved these changes

@harambasicluka harambasicluka harambasicluka left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

maintainers Tag pull requests created by maintainers

Projects

None yet

Milestone

1.6.0

Development

Successfully merging this pull request may close these issues.

5 participants

@ralfgehrer @d4rken @BMItr @harambasicluka