You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This proposal explores adding a feature to the Web Manifest that would allow developers to prevent screenshots of specific PWA screens. The functionality aligns with native app behaviors like Google Pay disabling screenshots on payment pages or WhatsApp restricting profile page captures. While the implementation for the web has complexities (e.g., bypassing DRM on Mac by disabling CSS hardware acceleration), PWAs can leverage secure APIs to emulate native app security.
Background and Motivation
Native apps commonly use features like Android's FLAG_SECURE or DRM to protect sensitive information from being screenshotted. Implementing similar behavior for PWAs would provide a more secure and privacy-conscious user experience, especially for financial transactions, private messages, or sensitive media.
Proposed Solution
Add a new attribute in the Web Manifest, e.g., "screenshot-protection": ["page1", "page2"].
Developers can specify an array of page routes or URLs within the PWA where screenshots should be disabled.
The browser, upon detecting these routes, disables screenshots or screen recording for the specified pages.
Leverage platform-specific APIs (e.g., Android's Screen Capture API and FLAG_SECURE) to implement this functionality.
Challenges and Scope
Cross-platform Differences:
While mobile platforms like Android support APIs for screenshot prevention, desktop platforms (e.g., macOS) present challenges due to the potential for bypassing using developer tools or hardware configurations.
Web DRM Complexity:
Implementing DRM for web-based applications has historically been difficult and may require additional considerations for PWAs.
Developer and User Expectations:
Balancing security with usability is critical to avoid over-restrictive or intrusive behavior.
Future Considerations
Explore how this feature can integrate with existing DRM technologies to safeguard media.
Evaluate browser-level implementation feasibility across platforms.
Investigate potential mechanisms for developers to dynamically enable or disable screenshot protection based on runtime conditions.
Abstract
This proposal explores adding a feature to the Web Manifest that would allow developers to prevent screenshots of specific PWA screens. The functionality aligns with native app behaviors like Google Pay disabling screenshots on payment pages or WhatsApp restricting profile page captures. While the implementation for the web has complexities (e.g., bypassing DRM on Mac by disabling CSS hardware acceleration), PWAs can leverage secure APIs to emulate native app security.
Background and Motivation
Native apps commonly use features like Android's
FLAG_SECUREor DRM to protect sensitive information from being screenshotted. Implementing similar behavior for PWAs would provide a more secure and privacy-conscious user experience, especially for financial transactions, private messages, or sensitive media.Proposed Solution
"screenshot-protection": ["page1", "page2"].FLAG_SECURE) to implement this functionality.Challenges and Scope
Cross-platform Differences:
While mobile platforms like Android support APIs for screenshot prevention, desktop platforms (e.g., macOS) present challenges due to the potential for bypassing using developer tools or hardware configurations.
Web DRM Complexity:
Implementing DRM for web-based applications has historically been difficult and may require additional considerations for PWAs.
Developer and User Expectations:
Balancing security with usability is critical to avoid over-restrictive or intrusive behavior.
Future Considerations
References
The text was updated successfully, but these errors were encountered: