Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for blocking screenshots from being taken #118

Open
grrrrr opened this issue Jun 7, 2023 · 5 comments
Open

Add support for blocking screenshots from being taken #118

grrrrr opened this issue Jun 7, 2023 · 5 comments

Comments

@grrrrr
Copy link

grrrrr commented Jun 7, 2023

I am aware that this is not a perfect privacy solution and there are ways around it but it would be useful to have TimeCop block the ability to take screenshots.

While the risks / concerns of someone remotely taking a screenshot of TimeCop on most peoples devices phone are low there are still users who may be more high risk, it is a possibility that some malware is setup to take screenshots of the recorded data and could result in issues in restrictive countries

Additionally with screenshots blocked, switching apps would result in you seeing TimeCop is your list of open apps but not seeing the screen it's contents, an extra benefit

My suggestion would be to add a toggle allowing users to opt-in to this feature,.

Some apps that do that have this option if examples/comparison is needed

  • KeepassDX (always blocked)
  • Signal (allows toggling screenshot capture on or off)
  • ProtonMail (allows toggling screenshot capture on or off)
  • Aegis (allows toggling screenshot capture on or off)
  • MediLog (allows toggling screenshot capture on or off)
  • RedReader (allows toggling screenshot capture on or off)
  • Quacker & Fritter (allows toggling screenshot capture on or off)
@soam1
Copy link

soam1 commented Oct 1, 2023

@grrrrr i would like to pick this up. I hope you assign me this so I could help

@12people
Copy link
Collaborator

@grrrrr Thanks for the suggestion. However, as you say, it's not a great privacy solution and there are many ways in which it could be circumvented. For example, even in the case of malware that would give an attacker access to your device, the attacker could just as easily gain access to the database associated with the app — either via the on-device file or via the "Export" screen.

Also, I think I fail to see the use-case for this, as unlike with password apps or medical apps or even communication apps, the data in Time Cop is unlikely to be particularly sensitive. I guess unless you're doing sensitive government work, but then your whole device should be hardened and blocking screenshots is unlikely to be much of a help. And if you're under a repressive regime and doing activist work, perhaps consider using a codename for your project rather than "Secret Anti-government Project".

At the end of the day, if you're concerned about any of your data leaking, then you need to harden your entire device. Blocking screenshots won't help here.

Let me know if I'm missing some important use-case. For now, I just don't think it's worth the implementation or maintenance effort (especially as this would be Android-only; iOS is not seeing new releases and desktop platforms don't have support for this feature AFAIK) or worth the UI clutter in adding another setting.

@grrrrr
Copy link
Author

grrrrr commented Nov 7, 2023

@soam1 I think you could just make a pull request and @12people would decide to accept it or not

as unlike with password apps or medical apps or even communication apps, the data in Time Cop is unlikely to be particularly sensitive

@12people a bit as you say, the work (or some of it) is sensitive

For example, even in the case of malware that would give an attacker access to your device, the attacker could just as easily gain access to the database associated with the app — either via the on-device file or via the "Export" screen.

This really depends, most malware will either target specific data on a phone when they know what they want or take screenshots to gather a more overall view.

While I am android, it's my understanding that iOS also has the ability to restrict this as of iOS 1411.

Thanks for at least considering and close if it is something not what you want implemented.

@12people
Copy link
Collaborator

@grrrrr @soam1

If it were up to me, I don't think I would accept this, as I think it adds unnecessary complication without significant enough security advantages.

(As for iOS, the potential might be there, but the iOS release hasn't been updated in years.)

However, I'm just a volunteer maintainer. @hamaluik is the owner of this project and the decision is up to him. He tends to be quite busy nowadays, but if he notices this conversation, he'll have the final say on this.

@12people
Copy link
Collaborator

BTW, I'd be curious whether malware doesn't generally have ways to go around the flag that disables taking screenshots, as malware tends to have escalated privileges anyway. Is there any evidence of this flag thwarting malware?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants