MASWE-0055: Sensitive Data Leaked via Screenshots or Screen Recordings

Content in BETA

This content is in beta and still under active development, so it is subject to change any time (e.g. structure, IDs, content, URLs, etc.).

Overview

Mobile platforms allow users and third-party tools to capture screenshots or record screens. This can expose sensitive data and increase the risk of data leakage.

There are several ways an attacker may obtain this sensitive data:

  • Third-party apps with permission to capture or record the screen: Third-party apps may record the screen while sensitive content is displayed.
  • Third-party apps with permission to access the screenshot and recording files: Third-party apps may access screenshots or recordings saved in storage after they are taken by the user or a tool.
  • External tools may record the screen: Tools such as Scrcpy and the libimobiledevice suite can record the device's screen over a USB connection.
  • Automatic Screenshots when Backgrounding: When an app enters the background state, the system may capture a screenshot of the app's current view to display in the app switcher. These screenshots are stored on the file system and could potentially be accessed or stolen by malicious actors.

Impact

  • Loss of Confidentiality: Under certain conditions, an attacker could access sensitive data previously displayed on the screen, potentially compromising confidentiality and enabling further attacks, such as identity theft or account takeover.

Modes of Introduction

This can typically occur in two ways:

  • Screenshots and Screen Recordings Not Prevented: The app does not implement measures (such as setting secure window flags) to prevent the operating system or other apps from capturing screenshots or screen recordings.
  • Unredacted Sensitive On-Screen Content: The app displays sensitive information directly on the screen without masking or redacting it, allowing confidential data to be visible if a screenshot or screen recording is taken.

Mitigations

  • Prevent screenshots and screen recording.
  • Redact sensitive on-screen content so that, if a screenshot is taken, no confidential data is visible.
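The following Android Activity applies both mitigations above, and also the controls named in the tests below (FLAG_SECURE on the window, setSecure on a SurfaceView, setRecentsScreenshotEnabled for the app-switcher thumbnail, and SecureOn for a Compose dialog). It is an added example written for this page, not code from the OWASP MAS project; the package, class, layout and view ids (com.example.secureui, SensitiveActivity, R.layout.activity_sensitive, R.id.account_number, R.id.camera_preview) are hypothetical.

```kotlin
// Added example, not part of the MASWE page. Package and resource ids are hypothetical.
package com.example.secureui

import android.os.Build
import android.os.Bundle
import android.view.SurfaceView
import android.view.WindowManager
import android.widget.TextView
import androidx.appcompat.app.AppCompatActivity
import androidx.compose.runtime.Composable
import androidx.compose.ui.window.Dialog
import androidx.compose.ui.window.DialogProperties
import androidx.compose.ui.window.SecureFlagPolicy

class SensitiveActivity : AppCompatActivity() {

    private lateinit var accountNumberView: TextView   // R.id.account_number (hypothetical)
    private lateinit var previewView: SurfaceView      // R.id.camera_preview (hypothetical)
    private var accountNumber: String = "1234567890123456" // constructed sample value

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)

        // Mitigation 1: FLAG_SECURE keeps this window's pixels out of screenshots,
        // screen recordings, MediaProjection-based capture and the Recents thumbnail.
        // Set it before the window is first shown, i.e. before setContentView().
        window.setFlags(
            WindowManager.LayoutParams.FLAG_SECURE,
            WindowManager.LayoutParams.FLAG_SECURE
        )

        setContentView(R.layout.activity_sensitive)   // hypothetical layout
        accountNumberView = findViewById(R.id.account_number)
        previewView = findViewById(R.id.camera_preview)

        // A SurfaceView renders into its own surface, which FLAG_SECURE on the window
        // does not cover; it has to be marked secure on its own.
        previewView.setSecure(true)

        // Android 13+ (API 33): explicitly disable the Recents screenshot, which is the
        // "automatic screenshot when backgrounding" case from the overview.
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
            setRecentsScreenshotEnabled(false)
        }
    }

    override fun onResume() {
        super.onResume()
        // Show the full value only while the Activity is in the foreground.
        accountNumberView.text = accountNumber
    }

    // Mitigation 2: redact before the app leaves the foreground, so whatever the system
    // or a recorder captures at that moment contains masked content rather than the data.
    override fun onPause() {
        accountNumberView.text = redact(accountNumber)
        super.onPause()
    }
}

// Mask all but the last `visibleSuffix` characters with '*'.
fun redact(value: String, visibleSuffix: Int = 4): String {
    if (value.length <= visibleSuffix) return "*".repeat(value.length)
    return "*".repeat(value.length - visibleSuffix) + value.takeLast(visibleSuffix)
}

// A Compose Dialog is a separate window. Its default securePolicy is Inherit, which
// follows the host window; SecureOn forces FLAG_SECURE on the dialog regardless of
// how the host window is configured.
@Composable
fun SecureDialog(onDismiss: () -> Unit, content: @Composable () -> Unit) {
    Dialog(
        onDismissRequest = onDismiss,
        properties = DialogProperties(securePolicy = SecureFlagPolicy.SecureOn),
        content = content
    )
}
```

The onPause redaction is deliberately kept even though FLAG_SECURE is set: it covers screens where the flag cannot be used (for example when a legitimate screen-sharing feature must stay available) and it is what the runtime backgrounding tests below look for when they inspect the captured thumbnail.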

Tests

  • MASTG-TEST-0289: Runtime Verification of Sensitive Content Exposure in Screenshots During App Backgrounding
  • MASTG-TEST-0291: References to Screen Capturing Prevention APIs
  • MASTG-TEST-0293: setSecure Not Used to Prevent Screenshots in SurfaceViews
  • MASTG-TEST-0294: SecureOn Not Used to Prevent Screenshots in Compose Dialogs
  • MASTG-TEST-0292: setRecentsScreenshotEnabled Not Used to Prevent Screenshots When Backgrounded
  • MASTG-TEST-0290: Runtime Verification of Sensitive Content Exposure in Screenshots During App Backgrounding