Hello community,
A while ago, I was giving a workshop and a question came up regarding sensitive data being displayed when an app enters the background and becomes visible in the App Switcher. I thought this could be interesting for some of you out there so I am writing this small blog post which will show different ways of hiding sensitive data in the App Switcher.
First of all, if we talk about the privacy and security of enterprise apps or any apps which contain sensitive data you have to find a way to make sure the user's data is always secured. One way would be to let the user do an authentication every time the app enters the foreground, which is not really what we want right. Forcing the user to authenticate constantly is really cumbersome and not great when it comes to User Experience.
Using SAP Mobile Services you can change the client policies of your app to have a kind of "session timeout" after some time. This could be an interesting way to make sure that if the user hasn't used the app in a while that a re-authentication is necessary. The authentication, in that case, would be re-entering the app's passcode set by the user during the onboarding process.
But now what happens with the screenshots that have been taken by the OS when switching apps?
So there are several ways of preventing to have sensitive user data visible in the app's screenshot in the App Switcher. Let's see what we can do:
Hide sensitive
data
before going into the background
Before your app enters the background you can go and adjust the UI to delete or simply not show the user's sensitive. Depending on your UI that can be a bit cumbersome with the state restoration because you have to fill back in the stripped out UI when the app gets active again.
There are two ways to know when the app is about to switch from active to inactive: you can implement the
applicationWillResignActive(_:)
method in the AppDelegate of your app, another way would be registering to the
UIApplication.willResignActiveNotification
.
The latter approach allows it to do that at any point in your app code.
override func viewDidLoad() {
super.viewDidLoad()
let notificationCenter = NotificationCenter.default
notificationCenter.addObserver(self, selector: #selector(doSomething), name: UIApplication.willResignActiveNotification, object: nil)
}
@objc func doSomething() {
print("Remove user sensitive data!")
}
The downside of manipulating the data or the UI when going into the background is that in the state restoration of the app you have to make sure that everything is back to the original state. That can become fairly cumbersome and complicated if you have screens with a lot of user input fields.
Blur the App's Screenshot for the App Switcher
Another approach that is less work for the developer but equally good in my personal opinion is to just blur out the app's screenshot which gets displayed in the App Switcher.
To do so you can implement the blurring and take/replace the screenshot in the App Delegate in just a few lines of code.
Let's see how that works:
In the App Delegate, you can utilize the
applicationWillResignActive(_:)
method to take a screenshot, apply a blur effect and set it as current view in the app's window instance.