I work for a company that builds an app /sdk that handles credit cards / payments. It's one of the (many) requirements for getting an industry standard certification (like PCIDSS / MPOC). The app Must block screenshots, and Must disable the camera while using it...
Android
DROID DOES
Welcome to the droidymcdroidface-iest, Lemmyest (Lemmiest), test, bestest, phoniest, pluckiest, snarkiest, and spiciest Android community on Lemmy (Do not respond)! Here you can participate in amazing discussions and events relating to all things Android.
The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:
Rules
1. All posts must be relevant to Android devices/operating system.
2. Posts cannot be illegal or NSFW material.
3. No spam, self promotion, or upvote farming. Sources engaging in these behavior will be added to the Blacklist.
4. Non-whitelisted bots will be banned.
5. Engage respectfully: Harassment, flamebaiting, bad faith engagement, or agenda posting will result in your posts being removed. Excessive violations will result in temporary or permanent ban, depending on severity.
6. Memes are not allowed to be posts, but are allowed in the comments.
7. Posts from clickbait sources are heavily discouraged. Please de-clickbait titles if it needs to be submitted.
8. Submission statements of any length composed of your own thoughts inside the post text field are mandatory for any microblog posts, and are optional but recommended for article/image/video posts.
Community Resources:
We are Android girls*,
In our Lemmy.world.
The back is plastic,
It's fantastic.
*Well, not just girls: people of all gender identities are welcomed here.
Our Partner Communities:
I agree that it's infuriating! I downloaded an LSPosed module called CaptureSposed that overrides it.
It shouldn't take a specific module hack on a rooted phone with a custom OS with an unlocked bootloader to get this functionality back.
I like that it's possible, but I think it should be treated like a permission with a user accessible toggle in settings for each app.
I would like to see the same thing for clipboard read access. In the same way app has to prompt you for location permission it would have to prompt you to read the clipboard and you would actually have the option to allow it all the time which is handy for some apps like clipboard manager, or don't allow it alltogether which is handy for some random apps you don't trust.
Oh yea, something needs to be done about the clipboard. It's unsettling to know that a random app can just get your clipboard. Sometimes bitwarden doesn't detect a password field for some reason so I have to copy it to the clipboard 😖 don't feel safe...
I believe Bitwarden has a setting to “wipe” the clipboard after some time.
Not perfect, but better
Drives me nuts too! Signal at least has a toggle for it, so the user can decide. I wish more apps would do the same, maybe with a pop up warning explaining the risks.
That's nothing. My workplace disabled copy/paste on everyone's work iPhones completely. Not in their own apps but system wide. Apparently that's something ios allows them to do. Doesn't affect me much because I use the phone as a glorified dual auth token but some people have it as their primary phone.
work iPhones
some people have it as their primary phone.
Bruh, I have no idea how people can put up with their employer being able control their device. Like... the employer can freak out about some perceived "security breach" and decide to wipe everyone's phone and you lose all your data like photos. Also, their employer can see if they are shit talking about the employer or mangement people, and it's a terrible idea if they want to unionize.
As an IT guy that manages MDMs, no we cannot see communications on the device
As another guy that does, yeah we can push ediscovery apps to the phone and pull all kinds of data
My work phone battery lasts for like 5-6 days because I only have Slack, MFA app, and outlook on it. It's crazy to use it for personal use
They are okay with it because it isn't their phone. It's a free phone that comes with the job.
"Free"
hmm I rather not... like its not just "privacy" you'd have to worry about, there can be potentially a rogue employee of the company just stealing all your bank info and possibly steal your identity. Might be a "free" phone, but there's just much more risks than just getting a cheap android phone. People don't think this though and only think about the "free". Dealing with identity theft is not fun. If only people understand the risks... 🤦♂️
Don't put personal stuff on your work phone. Use your own phone for that. If you have trouble carrying both, hit the gym.
Yea exactly. I would just carry 2 phones, but I'm just saying: I don't understand how other people just use their work phone for personal use simply because it's "free"
Yes it's just a terrible idea. People do all sorts of dumb things though.
I understand the reasoning for it since many apps can see photos on your device so if it is something that should stay private you probably shouldn't be taking screenshots anyway, but I also can see how it could be annoying. I quite like the feature on messaging apps actually.
My doctor's app does this and it annoys the fuck out of me. I get test results and I want to share them with my wife and it's like nope.
Second phone or cheap camera off ebay..
There are also probably usb-c capture dongles that should work
Also: Split Screen + Take photo using front camera in front of a mirror.
The point of many of android's "protection" features isn't to protect the user from apps, but to protect apps from the user. I hate it.
In this case, I think it's protecting apps from other apps. No secret screen recording going on while you're looking at bank statements, etc. I find that annoying, too, but I'm less annoyed by the reasoning in this case.
Now if Google could explain why toggling wifi through Tasker requires root, I would LOVE to hear the reasoning...
In this case, I think it's protecting apps from other apps. No secret screen recording going on while you're looking at bank statements, etc.
I think with all the engineers at Google developing Android they could come up with a solution of how to discern whether the act of screenshot was triggered solely by the user, or an app on the phone. They are the ones in power of all the APIs that allow other apps to capture the screen content in the first place. Maybe I am simplifying it too much, but this seems as a bad excuse to me.
Maybe it would be too hard of a solution since there's so many ways third party apps could capture screen content (including for example the Android accessibility service which also allows apps to read content of the screen and even simulate screen touches and gestures which many automation apps make use of) that blocking the screenshot alltogether is by far the most feasible solution.
There is already a solution:
Third-party apps, unless a user specifically go to settings and find that option, don’t have the permission known as “Draw Over Top” that’s required to do screen recordings/screenshots.
So by default, a user is already safe from a malicious app trying to steal info. (That is, unless they just be an idiot and give the app "Draw Over Top" permission)
Some password managers want draw over top.
Bitwarden required it, iirc
Well you are gonna be trusting the password manager anyways, since its literally storing all your passwords. If you trust Bitwarden to store all your passwords, then you can trust it to not abuse the "Draw Over Top" permission.
For me and my family, I think the best solution would be to leave it as-is but with a way to lift the restrictions for power users that doesn't involve root access. Something akin to enabling developer mode without having to buy a specific rootable phone
Third-party apps, unless a user specifically go to settings and find that option, don't have the permission known as "Draw Over Top" that's required to do screen recordings/screenshots.
Fair enough, though experience with my unsavvy family makes me think a lot of people will do whatever an app tells them to do
Ok but why is my browser doing this in incognito mode? Incognito mode isn't a banking app. It's me not wanting my browser to save my Facebook login info or history.
The target use case for incognito mode is to prevent the device from saving your activity during the browsing session through things like cookies and history. To that end, incognito also blocks it to prevent other apps from saving your activity through screen recordings or screenshots.
They changed it the other day where airplane mode doesn’t require root. That one’s nice for me.
Never mind that shortcuts on iOS has been able to do that simple task from its inception.
You used to be able to do everything I wanted through tasker without root but Google has been stripping away functionality for years
When did airplane mode ever require root?
Up until Android 14 I think. Android 13 for sure does not support it.
Unless an ADB trick counts https://tasker.joaoapps.com/userguide/en/help/ah_secure_setting_grant.html
Or changing or just adding a system font.
Or setting a charge capacity limit.
Or adding separate quick access tikes for wifi and cellular.
The first two don't bug me but dam, give me my 6 buttons back!! I hate these fat notification tray icons. And yes, fuck Google for making it take MORE clicks to toggle wifi/cellular than before.
Being able to block screenshots is "supposed" to protect users from having malware take screenshots of banking apps and other such information.
If app developers were good, this could have been a good feature.
But I agree with OP. It still should be the user's choice.
My Banking App does have the option to disable this feature.
It's all fine if it's a user choice, very annoying if it's not.
"Protections" are fine, as long as there's an override for it.
User doesn't like potential malware from "sideloading"? Then don't enable "Install from Unknown Sources".
Same thing with everything else, there should be an override switch.
Some android apps bypass this but don't work 100 percent but sadly, they are the only safe option.
By safe I also mean, the others you must root so you void certain updates from your carrier in many cases, you have to search the APK code and delete a line, or you have to install a certain entity which hinders your security in other ways.
Shopping apps should have, and Amazon usually lets you email a copy of a receipt anyway. Don't know about other shopping apps. Banks and other financial institutions you would just need to contact them for records etc, and I know it is a pain.
Some browsers have settings to bypass if you are using a site that tries to stop a screenshot.
This thing is super annoying. Maybe there is some xposed module to bypass this . i don't known my phone isn't rooted.