Thanks to the mobile era we have mobile apps for everything these days. Every business from a barbers shop to huge retailers has apps so that they can be closer to their customers.
On one hand, we really leverage this convenience but on the other hand, there are risks of exposing a lot of confidential information while using these apps. And it becomes very vital when dealing with payments and other sensitive information.
As a developer of these apps, it is our responsibility to put checks to make sure privacy and security are not compromised. One of the ways is to detect/prevent screenshot and screen recording action and taken an action or inform the user to take appropriate action.
Here are some use cases where screen capture and screen recording can expose sensitive information:
1. Login information can be recorded
Any app that requires a login to get access to sensitive information. We need to make sure that only the intended person can log in. If screen recording or screen capture is allowed on the login it can expose confidential information.
2. Recording of Streaming Content
Let's take an example of a content streaming app, for example, Netflix, which I think everyone is aware of. We pay a monthly subscription to stream content. If screen recording was allowed, one can record with the device's recording option and watch the content later without even having a membership.
3. Payment Information
Any retail or banking app deals with payment/transactions. From a security point of view, we need to be watchful of any information being captured from the app to protect the user's account. If we aren't careful it will lead to a major leak in from application and secured transaction details will be compromised.
Here is how you implement it :
As a developer, we can prevent/track screenshot very easily by listening to notification userDidTakeScreenshotNotification available in iOS 11 and above. Let's see the code in action
class ViewController: UIViewController {
override func viewDidLoad() {
super.viewDidLoad()
// Do any additional setup after loading the view.
NotificationCenter.default.addObserver(self, selector: #selector(didTakeScreenshot(notification:)), name: UIApplication.userDidTakeScreenshotNotification, object: nil)
}
@objc func didTakeScreenshot(notification:Notification) -> Void {
print("Screen Shot Taken")
}
}
In the code above we are adding ourselves as an observer to notification userDidTakeScreenshotNotification and catching with function didTakeScreenShot which will get triggered anytime a user tries to take a screenshot. At this point in time as a developer, we have the opportunity to handle in a way we want for our app. For eg. show a warning message and then kill the app after informing the user. Here is a gif that captures it.
To check if a screen is getting captured/recording all we have to do is check for isCaptured property on UIScreen. Let's look at the code sample below
func isRecording() ->Bool {
for screen in UIScreen.screens {
if (screen.isCaptured) {
print("screen is recorded")
return true
}
}
return false
}
We can decide to check for recording by calling the method isRecording. We can call this method depending on our needs. We can either call it on different states of our view life cycle or having a timer to check for this. Here is a demo that shows screen recording detection.
Detecting screenshot capturing and recording can be very useful from a security and privacy point of view in the app.
This adds trust and reliability in the app that potentially millions of people can use. I would love to hear about your use cases and experiences with screen capturing measures that you might have used. At the end of the day, as a good developer we need to practice all the good security practices to secure our iOS app.
Also published on: https://medium.com/swlh/how-to-make-your-ios-app-secure-from-screen-shot-and-recording-82b6aea26b33