Permissive screenshot option set
- Rule ID: java_android_prevent_screenshot
- Languages: java
- Source: prevent_screenshot.yml
Android may take screenshots of the current application view for display purposes, for example when an application is sent to the background. Whether or not Android is permitted to take such screenshots is determined by the FLAG_SECURE option.
By default, the FLAG_SECURE option is not set and no screenshots are taken.
For best security practices, we should not set the FLAG_SECURE to true and we should never allow Android to take screenshots of the current application activity.
❌ Do not set the FLAG_SECURE option, to ensure that Android does not take screenshots of potentially sensitive information
OWASP Top 10
To skip this rule during a scan, use the following flag:
bearer scan /path/to/your-project/ --skip-rule=java_android_prevent_screenshot
To run only this rule during a scan, use the following flag:
bearer scan /path/to/your-project/ --only-rule=java_android_prevent_screenshot