Ramblings of a code monkey
Hiding Sensitive Data In The Background with Xamarin

Hiding Sensitive Data In The Background with Xamarin

Keeping sensitive data secure is very important as a mobile developer as phones can quite easily be misplaced or stolen. Databases, for example, can be encrypted to keep out prying eyes but there is one area is very often overlooked; the recent application list. Whenever an app is sent to the background, the OS, will take a screenshot to display as the preview of the app within the recent application list and any data that is on the screen when the screenshot is taken will be visible. To prevent potentially sensitive data leaking like this it’s possible to obscure or hide the screenshot that was taken by the OS.

Xamarin.Android

Android is very straightforward to get set up, though unfortunately, there’s no customisation allowed 🙁 In MainActivity.cs do the following:

  • Override OnPause to set the WindowManagerFlags.Secure flag on the Window
    • Note that this must be done before calling base.OnPause()
  • Then, override OnResume to clear the flag when the application is brought to the foreground

Screenshots

Xamarin.iOS

Most iOS examples I found used a blur effect to hide the screen content but this wasn’t exactly what I wanted to do; I wanted to do something a little more custom and display a logo in a similar fashion to the splash screen. The most effective way of doing this is to create a custom UIViewController that will be used to replace the current KeyWindow for the application whenever it enters the background. Using a custom UIViewController solves one big problem that I found when simply using a UIView as the privacy screen:

  • After putting the app into the background and rotating the device, when viewing the recent application list the privacy screen would only partially cover the preview. I believe this to down to the dimensions of the screen changing when the device is rotated and the UIView had no way of being resized properly. Using the code below solves this issue and will keep your preview screenshot secure 😊

The code above makes a couple of assumptions:

  • ImageAsset is the name of an Image Set within Assets.xcassets. This is the image to be displayed on the privacy screen and will allow you to specify different images for Light and Dark mode.
  • BackgroundColourAsset is the name of a Color Set within Assets.xcassets. This is the colour that will be used as the background colour for the privacy screen and will allow you to specify different colours for both Light and Dark mode.

Now that we have the view that we want to display all sorted, using it is quite simple. In AppDelegate.cs:

  • Override DidEnterBackground and create a new UIWindow to replace the current KeyWindow.
  • Then, override OnActivated to dispose of the privacy screen window created when the app was sent to the background.

Screenshots

Links

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.