Secure flag
Guardsquare recommended technique
| Technique summary | |
| Technique | Secure flag |
| Against | Screen recording attacks |
| Limitations | None |
| Side effects | Protected views do not appear on screenshots or recordings, and cannot be shared with remote viewing software |
| Recommendations | Recommended for use |
The use of FLAG_SECURE is a well-known Android security measure to prevent sensitive data being leaked through the screen.
One specific issue that FLAG_SECURE does not address on older Android versions is that the keyboard and cursor are visible while FLAG_SECURE is set on the application activity in such a way that it is possible to retrieve the sensitive data. Please see secure in-app keyboard for more information.
Guardsquare
Connect with the author
Table of contents
