[HN Gopher] Taking screenshots isn't allowed by the app after up... ___________________________________________________________________ Taking screenshots isn't allowed by the app after upgrading to Android 11 Author : distalx Score : 283 points Date : 2020-11-08 11:38 UTC (11 hours ago) (HTM) web link (support.google.com) (TXT) w3m dump (support.google.com) | andybak wrote: | This is where a small bit of editorializing in the post title | might be useful. The linked page is about a bug when you use | .nomedia which is kind of interesting in it's own right. However | most replies here seem to be on the broader topic of whether an | OS should be able to block screenshots - this is another | interesting topic but one that's only vaguely related to the | linked page. | | I'm curious if the /u/distalx posted this because they were | interested in a discussion about the former or the latter. | | If the former then it has largely strayed off topic. If the | former then there might be a better page to link to that is more | clearly about that specific "feature". | Polylactic_acid wrote: | Android certainly does have a feature to block screenshots in | apps though. | grishka wrote: | I had a similar problem when I updated to Android 10 and the | MediaStore content provider decided to get stuck in an infinite | loop trying to upgrade its database. I couldn't take screenshots, | use the camera, or use any functionality in any apps that would | rely on the photo gallery. Now, that's me, a long time Android | app developer, and it took me an hour to figure out what the hell | happened (wiping the data for said content provider fixed | everything, obviously). Imagine what would a regular user do if | they encountered this issue? I had a fully-stock installation | too, didn't even unlock the bootloader. | | I don't understand why modern software has to suck so much. If | you can't perform some operation for some reason, for the love of | god, at least show a sensible error message so people who haven't | spent ridiculous amounts of time reading the source code of your | product as part of their job can troubleshoot their systems. Not | "something failed, go read logcat, maybe it helps, good luck". | Polylactic_acid wrote: | >at least show a sensible error message | | The only way to do this typically is to either already be aware | of the issue so you can add an error (And in that case you | would have just fixed the issue) | | Or to dump a stack trace. | read_if_gay_ wrote: | > at least show a sensible error message so people who haven't | spent ridiculous amounts of time reading the source code of | your product as part of their job can troubleshoot their | systems. Not "something failed, go read logcat, maybe it helps, | good luck". | | While I'm not sure whether it's true, I think the reasoning | behind this is that to the average user, a sensible error | message is about as useful as "something failed, good luck". | grishka wrote: | They could at least google it and find out how someone else | solved the same problem. No such luck with more generalized | error messages. | nexuist wrote: | An infinite loop as you described however is not really an | error condition; in fact this is the premise of the Halting | Problem [1] which is not solvable as far as we know. | There's no way for the media provider to know if the loop | will ever resolve and it may just be the case that you have | an absolutely massive photo library that takes a lot of | time to load. You could argue that they could add some sort | of background timer that triggers an error if the provider | takes too long to deliver data, but then what should that | timeout be? What if the user's device is just naturally | slow or the photo library is stored on some sort of | external storage device (SD card maybe) with awful | bandwidth? If your timeout is too low, it will prevent | users from legitimately accessing their photo library; if | it's too high, it ruins the point of having a timeout in | the first place. | | In this sort of scenario the better choice rather than | implementing error detection is just fixing the original | problem that caused an infinite loop so users don't need to | fix anything in the first place. I think the reason why | debugging/resolving issues seems so complicated in modern | times is in part because we already did fix most/all the | "easy" issues from the past generation -- the only | remaining issues are extremely hard to catch or, in the | case of the Halting Problem you experienced, mathematically | impossible. | | [1] https://en.wikipedia.org/wiki/Halting_problem | toast0 wrote: | > In this sort of scenario the better choice rather than | implementing error detection is just fixing the original | problem that caused an infinite loop so users don't need | to fix anything in the first place. | | Sure, not having the bug would be better, but I can only | assume that the developers didn't intend to make the | conversion loop. They failed to not have the bug then, | and most likely will fail to not have bugs in the future; | that's life. The solution in this case may not be to | detect an error condition, but to just indicate what the | software is doing. Ex a persistent notification for | 'updating database schema', maybe appearing after a 5 | minute timeout; if that sits around for an hour or five | days or something, you can google around for it. | perryizgr8 wrote: | When you buy a pixel, understand you are paying to participate in | a beta program designed to further some Google employees careers. | You're not buying a phone that is designed to serve your | interests. | | If you want a phone for daily use, get an iPhone or galaxy. | amelius wrote: | Wait a second, does the app _know_ that I 'm taking a screenshot? | smadge wrote: | Yes. For example when you take a screenshot of a message in | Snapchat, the sender is notified. | amelius wrote: | This sucks and I consider this a serious breach of privacy. | bdcravens wrote: | At least you're not in a walled garden. /s | lsb wrote: | As long as the content is coming to your eyes, you can use | another device to record it. | | If you have a separate phone that you use as a second factor for | your 2FA, you have a convenient way of photodocumenting any | screen that you see. | | People shakily recording their TV doesn't win any awards, but is | evidence enough in a serious pinch. | raffraffraff wrote: | 2021 will be the year of Linux on the ... Phone | exikyut wrote: | Heh, sentiment noted - but the PinePhone is a thing now, so... | let's see just how bad GTK and Qt can be on mobile, eh? :D | cesarb wrote: | > let's see just how bad GTK and Qt can be on mobile | | GTK and Qt on mobile is not a new thing, Maemo/Meego were | earlier examples. In my experience, it worked fine. | [deleted] | jaspergilley wrote: | God, I hope so. I've been meaning to try the PinePhone and | maybe others at some point | exabrial wrote: | Take another phone, aim at screen, take screen shot. | | It's a stupid "feature" that lulls user's into a false sense of | security. | | The real motivation is to prevent badly behaved apps from taking | screenshots in the background, but requiring the user shortcut | input to do that would be more secure and a better option. | phendrenad2 wrote: | The real motivation is preventing badly behaved apps from | taking screenshots in the background, without investing any | engineering effort into adding the correct user warnings and | settings to differentiate between intended and unintended | screenshots. | ur-whale wrote: | Or you could just have a second phone and take a picture of the | screen of the first ... | skee0083 wrote: | I'm done with android. The final straw for me was when i needed | to call 911 for my grandmother and android thought it was a good | idea to play notification sounds in the middle of the | conversation. Couldn't even hear the operator over all the loud | DING DING DING. | udia wrote: | Having a Pixel 3 phone, I was annoyed that long-screenshots and | call recording weren't available by default. Even when I rooted | the stock ROM and disabled automatic updates, I would find that | occasionally one morning my root setup would fail SafetyNet | (where it was working the night prior). I addressed this by | flashing the PixelDust rom on my phone. It now has stable root | and I control all updates. | | As mentioned in many other comments, it's nice to own your device | and not have it broken by automatic updates pushed from some | external entity (intentional or not). | | A quick writeup for how to do this is available here: | https://udia.ca/posts/2020/08/root_pixel_3_with_ota/ | hfktifjrn wrote: | Signal app also has an option to disable screenshots on Android | using this facility. I wonder what HN thinks about that: | | https://support.signal.org/hc/en-us/articles/360043469312-Sc... | yjftsjthsd-h wrote: | If it's user-controlled, why would anyone object? | jccalhoun wrote: | I'm on a pixel 4a and haven't encountered this. I just tried it | on a couple apps including my bank's app and it worked fine. So | this seems like a bug? | LockAndLol wrote: | To everybody complaining about how there are no options, my phone | my money, etc., go donate (money, code, documentation) to a | project actively working on providing an alternative. Put your | money where your mouth is. Actions speak louder than words. | rbecker wrote: | It was a bug - this time. It's not your phone, you're just using | it. | asutekku wrote: | It's to prevent you screenshotting snaps / disappearing | messages sent to you or to prevent screenshotting licensed | content. This is good for 99% of the people. | nkrisc wrote: | No. "Disappearing" messages are a farce. Disabling other | people's screenshot capability so someone can be made to | believe that their message will disappear is absurd. If you | want a message that disappears, tell them in person and pat | them down for a wire. Also there's nothing wrong with simply | screenshotting licensed content. I'm allowed to do so for my | own personal use. If someone is distributing licensed content | that they are not licensed to do so, that's a matter for the | courts. | hfktifjrn wrote: | Signal app on Android blocks screenshots too | (configurable). Does that mean that they are clueless about | security? | detaro wrote: | Signal does not pretend that it will stop the other side | from screenshotting your messages. | [deleted] | badjeans wrote: | Can it prevent the user from taking a photo of the phone | screen with a different device? | asutekku wrote: | It does not prevent, but most people will not bother. | jcelerier wrote: | if you let people like the user above you have their way | without offering strong condemnation and resistance, it | will eventually happen, yes | rbecker wrote: | https://www.zdnet.com/article/apple-patent-could- | remotely-di... | | https://www.cnbc.com/2019/10/10/apple-removes-police- | trackin... | kzrdude wrote: | local public transport service uses this block for their app. | To make it harder to casually fake app tickets. | iyrkki_odyss wrote: | It would still be possible to use external camera to capture | the content. | rbecker wrote: | > prevent screenshotting licensed content. [..] good for 99% | of the people | | Is this a parody, or do you truly think DRM is good? | tpxl wrote: | >DRM is good | | In principle is DRM bad? Sure, the current implementations | are pure cancers, but if they weren't, wouldn't DRM be a | rather good thing? | rightbyte wrote: | Why would the user want DRM. | tpxl wrote: | In general paying content producers allows them to | produce more content. If it's neutral for the | (legitimate) end user, but positive for the creator, why | would you not use it? | hfktifjrn wrote: | Because they want to access the content, which might not | be available otherwise. | | Netflix seems to be quite popular, and it's users don't | seem to be bothered by the DRM - try taking a screenshot | of it on the desktop, you'll get a black picture. | rbecker wrote: | > might not be available otherwise. | | Like how they stopped showing movies on TV once VCRs | entered the market, or stopped playing music on the radio | once home taping killed it. If only we had had DRM on | radios and TVs back then, perhaps there would still be | some entertainment industry left. | hfktifjrn wrote: | You are avoiding my point. | | Where is the user outrage over Netflix using DRM and | blocking their rights to fair use. | | And if you don't like it, don't subscribe. Are you | against companies being able to choose if to use DRM or | not? Do you want to ban DRM? What about encryption, do | you want to ban that too? | rbecker wrote: | > You are avoiding my point. | | I addressed your point directly. You claimed content | might not be available otherwise (and that this is the | reason consumers _want_ DRM), I gave examples that showed | that to be obviously false. And DRM is much more than | just not banned - it 's _illegal to circumvent_ , thanks | to DMCA. | | > And if you don't like it, don't subscribe. | | I don't. But you're still not happy - I guess you'd also | like me to shut up about how bad DRM is for consumers, | and allow you to spread your false claims how Netflix | wouldn't exist without it, unchallenged? | | > Are you against companies being able to choose if to | use DRM or not? Do you want to ban DRM? What about | encryption, do you want to ban that too? | | So you agree that DRM is bad for consumers and society, | you're just not sure how to fix it? Because that is the | only reason you'd want to skip directly to arguing what | should be done about it... unless you were hoping to make | it seem like DRM is good by proposing some overreaching | "solution", and make it look bad by association with an | encryption ban. But that would be an _incredibly_ | dishonest and slimy way of arguing, so I 'm sure that's | not what you were going for! | | For the record, no, I don't want to ban encryption. But | if DRM continues to infringe upon people's rights (such | as fair use, or even regular property rights, like when | Amazon remotely deleted an e-book, or Sony disabled | OtherOS on PS3, or HP disabled "unauthorized" ink with an | update to already sold printers), a DRM ban could be | warranted. Many types of contracts are already banned, | but you think consumers should just bow their heads and | take it while corporations lock away their rights behind | DRM? | | Do you believe the only choice consumers should have is | whether to buy a product or not? They shouldn't advocate | for consumer-protection legislation? They shouldn't even | complain about anti-consumer practices, judging by how | much my complaints bother you? | hfktifjrn wrote: | What bothers me is the constant hypocrisy of HN. | | Encryption is good, private companies should be allowed | to use encryption however they want, but them using | encryption for DRM or SecureBoot is bad. | | The market is right, except when it chooses DRM products | or big slim smartphones with unchangeable battery and no | headphone jack. Then it's bad. | | What's the consumer damage done by Netflix having DRM? | Where are the damaged consumers hiding? | | BTW, circumventing encryption used in Signal is also | illegal. | ryukafalz wrote: | Personally, though I don't like DRM, I don't think we can | ban it generally (though I could probably think of a few | more specific cases where we should). I would like | breaking DRM to not be a felony, though. | alisonkisk wrote: | DRM enables consenting relationships between content | creators and consumers. There's no need for you to | interfere other people's relationships. | flyinghamster wrote: | For values of "consent" that amount to "we can do | whatever we damn well please to you, take it or leave | it." | rbecker wrote: | So when media and technology conglomerates conspire to | include unasked-for, unadvertised DRM on consumer | devices, that's "consenting relationships". | | When I point out consumers are harmed by this, that's | "interference". | penteract wrote: | They may mean that it stops 99% of people. | yamrzou wrote: | Anyone else noticed that you can't take screenshots on Android | when using Chrome Incognito mode? "Can't take screenshot due to | security policy". I don't understand the rationale behind it. Why | can't I take a screenshot of my _own_ phone? | dredmorbius wrote: | I've long noted this. | | Seems to affect both Incognito and standard mode. | | The screenshot disabling is an absolutely massive strike | against Android and Google. | Dahoon wrote: | It works just fine in standard mode. | Polylactic_acid wrote: | Because we are in the age of treating the user as the untrusted | party. I have noticed some instant messaging apps (telegram) | use this feature. | darksaints wrote: | Personally I appreciate it, because for some odd reason my | phone manufacturer placed the screenshot button combo in a | weird location that I naturally grab when switching from | vertical to horizontal, and so I'm always taking accidental | screenshots. And if I'm doing something worth being in | incognito for, I don't want any accidental screenshots, | especially being backed up on Google photos. | | Though it would probably be nice if it asked you to confirm | with a thumbprint, thereby allowing you to bypass the security. | jtvjan wrote: | It's to stop a preview from showing up in the recents screen. | Try loading a page in incognito mode and then pressing the | overview button. Notice that you just see a grey square instead | of the page you loaded. | phendrenad2 wrote: | Why would app preview be conflated with whether the user can | take a screenshot? Can't those be two separate options? | Farbklex wrote: | They should be but on android, it's bot handled by the same | setting. | | So as an app developer I can either set the `FLAG_SECURE` | to hide both or I need to create own workarounds like | navigating to the root view element and setting it to | invisible whenever the app is paused just to hide it from | the recent apps. | unethical_ban wrote: | That is what is so nuts about this comment thread. People | assume this is some illogical or nefarious decision by Google. | Usually, these things are privacy related, or to prevent | nefarious apps from capturing data without your permission. | | Perhaps "Screen capture" should be in the permissions API | instead of blocking it... | | But for all the people complaining here, is there a legitimate | app with this function that you use on a daily basis? | Spivak wrote: | Signal and most banking apps have it. | | The feature isn't literally supposed to prevent you from | recording the screen, but it's enough of an | annoyance/deterrent that people don't. The goal is to prevent | people from having sensitive information sitting in their | camera roll by accident and send a unambiguous signal to the | user that you shouldn't be screenshoting it. | | It's the same feature Gmail enterprise offers that "blocks | downloading and forwarding." Like of course literally it | doesn't and can't possibly prevent someone motivated but it | drastically reduces the chance of someone leaking | confidential information when they have to go through a bunch | of kludgy steps. | maxerickson wrote: | Maybe "Incognito mode doesn't persist any information" vs | "Incognito mode doesn't silently persist any information"? | | The latter has more opportunity for confusion. Just a guess, I | don't know what the rationale is. | zozbot234 wrote: | Both Chrome and Firefox disable screenshots in private mode. I | assume that this helps defend against 3rd-party programs | running in the background that might save screenshots | unbeknowst of the user. | jkcxn wrote: | Are third party programs allowed to save screenshots | unbeknown to the user in the first place?? | vorticalbox wrote: | If the user gave it the permission too when they installed | it yes. | jakub_g wrote: | In older Androids it was too easy for the app to get the | permission to capture/record the screen without clear user | consent. In newer Androids you need to ask permission at | runtime. | phendrenad2 wrote: | So Chrome and Firefox should check if they're on a new or | old Android. | jakub_g wrote: | It's only a part of the issue. The other part is that a | "launcher" app shows miniatures of apps when you scroll | through open apps, and this behavior is controlled by the | same screen capturing permission. When you enable | screenshots, you also enable previews in the launcher app | when switching between apps, in some cases it might be | not desirable. | | There's probably some more nuances that I'm not aware of. | ffpip wrote: | To prevent accidental screenshots of you watching porn? | dalu wrote: | Since when does Google allow you to watch porn? They do | everything to fight it. You can't even install legit porn | apps without manually downloading the apk. And then it only | works on your phone and tablet, not the TV where it would | actually be desired to work. Also what right does Google have | to tell me what I can and can't watch on my TV/device? | phendrenad2 wrote: | iOS too. Porn apps are expressly forbidden. | ffpip wrote: | > Since when does Google allow you to watch porn? | | Porn is not allowed in the app store. They cannot regulate | porn videos (child porn might slip through) and the | headline next day would be ''Google allows child porn apps | on the play store'' | zrobotics wrote: | Huhh? I mean, I wouldn't trust any porn site with app | permissions, but how does that logic even make sense? The | inevitable conclusion would be that Chrome should be | banned as well, since I'm sure there's some sketchy | corner of the internet with that crap available. | ffpip wrote: | > Chrome should be banned as well, since I'm sure there's | some sketchy corner of the internet with that crap | available. | | Do you know the difference between a open browser and a | app store meant to distribute apps? | | Chrome is not responsible for the website's content. But | the app store will be help responsible for an app's | content. | zrobotics wrote: | Maybe I'm obtuse, but I don't really see the difference | between downloading Firefox from the play store or | downloading a porn app. In either case, I downloaded an | app from Google's servers that allows me to view | objectionable content. | | If the objection is that Google doesn't want to provide | an app that can be used to access illegal content, then | why provide a browser? I would think that there is less | of a chance of finding child porn on a major porn site | app than what would be avaliable via a browser. | | The only difference I can think of is that a browser has | other functionality besides adult content. | Dahoon wrote: | I'm sure you are aware that Chrome doesn't host the | internet and didn't think this through. | SquareWheel wrote: | >They do everything to fight it. | | Not hosting something on their store doesn't mean they're | trying to fight it. You're free to install whatever app you | want outside of their store. Or just use the browser like | everybody else. | jakub_g wrote: | Relevant crbug: https://crbug.com/985245 | | If you use Chrome Canary you can now enable a feature flag | under this URL: chrome://flags#incognito- | screenshot | | Firefox has a setting in settings > privacy to enable incognito | screenshots. | matsemann wrote: | I can understand the rationale somewhat, but annoying since I | often use it for testing during work and it makes it hard to | screenshot bugs. | | Another pet-peeve is banking apps doing the same. I understand | they don't want stuff to show up in the app switcher and stuff, | but it's annoying when I have to screenshot some expense or | numbers to send to others. | mensetmanusman wrote: | iOS Screen recording does not work with digital rights controlled | content. | | I wont be surprised if iOS screenshots are eventually also | altered/prevented in the future using similar levels of control. | Razengan wrote: | At least Apple has not done anything as user-hostile as this, | yet. | | On iOS the balance of control is still in the user's favor, not | the apps', and increasing with every release (like discrete | permissions, limited location sharing, being able to choose which | photos each app can see). | shawnz wrote: | The balance of control is in the users favour on iOS even | though it doesn't allow such basic affordances as sideloading | apps? | ericmay wrote: | Side loading apps is not in the user's favor though. The | iPhone is purchased explicitly to avoid that. | shawnz wrote: | By what rationale can you say that blocking sideloading is | good for the user but not blocking screenshots? | ericmay wrote: | Because it deleverages Apple's ability to negotiate for | users against developers as a collective bargaining | agent. You can jailbreak your iPhone or get an Android | one if you want. | shawnz wrote: | And blocking screenshots gives Google the ability to | negotiate for users against developers who might | otherwise not value the privacy of the user's screen | contents... so what's the difference? You can get an | iPhone if you want unrestricted screen access by apps. | | > You can jailbreak your iPhone | | And defeat all the security of the platform? No thanks. | Plus, that relies on exploits being available (which I | would hope for my own sake that they are not). | ericmay wrote: | That's not the same thing at all lol. | | And iPhone doesn't give apps unrestricted screen access. | shawnz wrote: | You don't see it as the same because you have different | expectations/needs. I don't see Apple's control of the | app store as being a value-add for me, so to me that is | user-hostile. Meanwhile I do think it's important that | apps can't arbitrarily look at my screen contents. | ericmay wrote: | > I don't see Apple's control of the app store as being a | value-add for me, so to me that is user-hostile. | | Sure, I think the exact opposite is the case. Fortunately | so far Apple has been on my side here. When that changes, | I'll have to reevaluate the utility of the iPhone. | | > Meanwhile I do think it's important that apps can't | arbitrarily look at my screen contents | | Hmm. Do you have any resources I could read to understand | how iOS apps are able to arbitrarily read my screen | contents? Thanks. | gst wrote: | One benefit of blocking sideloading is that it prevents | people who have brief access to your phone (border | agents, police, etc.) from installing spyware apps on the | phone. On iOS those people can extract your data as local | backup, but they won't be able to install any unapproved | apps that run in the background and that monitor you. On | Android it's trivial to install spyware apps via | sideloading and regular users most likely aren't able to | detect or uninstall them. | shawnz wrote: | Right, and so on platforms where sideloading is allowed | doesn't it make sense to restrict the ways in which apps | might be able to see the screen contents of other apps, | for the benefit of the user? | | It's the same justification in both cases: ensuring the | user's data stays private. I would prefer no screenshots | over no sideloading if those are the only options. | ericmay wrote: | Sure, but iOS users such as myself prefer no side | loading, primarily because I see no reason to side load | any applications. | pessimizer wrote: | > The iPhone is purchased explicitly to avoid that. | | This is untrue. Not a single person purchased an iPhone in | order to prevent themselves from loading apps. | snazz wrote: | I'm sure that plenty of people have purchased iPhones for | their older parents to decrease the odds that they | install malware. | Razengan wrote: | It's not a basic affordance if millions of people don't give | a fuck about it. | [deleted] | EvilEy3 wrote: | How is that user-hostile? | Razengan wrote: | See all the other comments on this page. | Pingu1999 wrote: | hola | Fiveplus wrote: | >Removing the ".nomedia" file from my snapshot folder solved the | issue. Not sure whether I created the file or not, but apparently | excluding it from the library breaks snapshots. Hope this helps! | | That seems like it. | seaish wrote: | Had to look it up, but the purpose of .nomedia is to tell apps | not to scan that directory for content. It's basically a | suggestion, but say you have a dir with a bunch of cached web | assets; it would be useful to drop a .nomedia file in there. So | really this seems like a bug in the screenshot tool for being | too strict (it isn't supposed to prevent writing, only | reading). Like the screenshot tool tries to create the dir when | it already exists (but can't be seen), fails, and gives the | wrong error message. | JosephRedfern wrote: | Fun fact: 5/6 years ago, a bunch of Huawei phones came with world | readable /dev/fb0 (framebuffer) device files. | | This made it trivial for any application to read the display, | totally bypassing any Android screenshot/screen recording API | (not that one existed at the time). Some of those devices also | had readable /dev/event/input* files, which allowed touchscreen | interaction to be monitored. | jbirer wrote: | Sounds like a good backdoor with plausible deniability ("the | dev forgot to restore permissions"). | tsar_bomba wrote: | True in principle, while in the real world the devs didn't | even inspect perms on those files or changed them | deliberately to fix some access control issue without a | second thought. Welcome to embedded software, where the | product is ready when it passes the functional tests. | | In related news, I have seen at least two proprietary drivers | which allowed userspace libraries to program the hardware | without any kernel oversight, incuding things like DMA | engines. Pointed it out to one vendor; "yeah, we guess it's | not ideal, but you know, details of the hardware is our | secret sauce and customers demand no binaries in the kernel | because reasons, blah blah". | | I assume many of those embedded OpenGL implementations may | work that way. Anyone with evidence to the contrary? | rsynnott wrote: | I think Hanlon's razor applies. This sort of shoddy work was | pretty common in early Android phones, as companies with | little software experience adapted to being OS vendors. | | Here's another similar in concept (though much worse) one | from Samsung: https://nvd.nist.gov/vuln/detail/CVE-2012-6422 | exikyut wrote: | > _The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU | MX, and possibly other Android devices, when running an | Exynos 4210 or 4412 processor, uses weak permissions (0666) | for /dev/exynos-mem, which allows attackers to read or | write arbitrary physical memory and gain privileges via a | crafted application, as demonstrated by ExynosAbuse._ | Lucasoato wrote: | This is absurd... Why are the apps alerted when the user is | taking a screenshot? Why can they even block that action? | | How can people even change that since Android is directly | controlled by Google? | kllrnohj wrote: | The app isn't alerted. Rather apps can indicate they have | sensitive information via FLAG_SECURE. This is useful in | preventing things like your bank account information from | persisting in the recents snapshots. | | Why this blocks manual screenshots with no override though is | bonkers insane. But likely a case of an incomplete feature than | malice as it's not unreasonable to assume both entry points for | screenshots hit the same internal path. | Spivak wrote: | > Why this blocks manual screenshots with no override though | is bonkers insane | | Because they don't want sensitive information persisting in | your camera roll. | icegreentea2 wrote: | The "least shitty" reason is to enable stuff like snapchat, and | to bring some sense of ephemeralism to content. | shawnz wrote: | Presumably, apps could use the screenshot API to extract | private information from other apps | JosephRedfern wrote: | You'd think that a user-initiated screenshot should be | distinguishable from a API initiated one, though. | | In my experience, it mainly seems to be banking and messaging | apps that monitor or block screenshot events. | dsego wrote: | @db48x > but how can the OS really know if its really the | user initiating the action and not a malicious application? | | Isn't it sort of a responsibility of an "operating system" | to know that stuff? | shawnz wrote: | If a user initiated screenshot was distinguishable from an | API initiated one, then you could argue third party | screenshotting apps aren't first class citizens on the | platform | WesolyKubeczek wrote: | Okay, here's a question: why should third party | screenshooting apps exist? What benefits do they offer | over the stock functionality? | Eli_P wrote: | Accessibility utils like screen readers do OCR and read | aloud the content for blind people. | indymike wrote: | Lots. Automatic watermarks. Automatic resizing. Different | storage options, putting a phone frame around the | screenshot, and lots of other things that are really user | workflows. And that is the heart of the issue: when we | restrict user workflows, we reduce the utility of the | tool. | WesolyKubeczek wrote: | Then make it a generic image editor. What we have now is: | an editor but for screenshots, an editor but for selfies, | an editor but for cat photos, each with its own cloud | storage which leaks (or spills) data once a year and | which data is also being processed by the app owners in | ways you'd be disgusted about. | | There's a screenshot functionality in the OS and there's | a Share button which should work just as fine and be way | more secure. | indymike wrote: | The shot->image-process->save->share cycle takes user | time, and is an inconvenience that some people will even | pay money to avoid. Since we're talking about | screenshots, we're actually talking about typically, | developers, tech writers and marketers who are automating | their day-to-day workflow. | WesolyKubeczek wrote: | Shot - share to your fancy shmancy editor that puts a | phone frame around it - put a frame around it - save | somewhere. | | Here, simplified that for you. | | You can totally make an app that streamlines this and | doesn't cast doubts on its privacy hygiene at the same | time. | maple3142 wrote: | But third party app can be more flexible. For example, I | used a app that can let you easily crop a part of screen, | then you can edit, image search, share, OCR than | translate and many things just in a pop-up. | shawnz wrote: | Consider for example an app that lets you set triggers | based on different events, like a hardware button | remapping app or an IFTTT-style service. Should the user | be able to program such an app to take screenshots? | adrianmonk wrote: | Writing tutorials is a common use for screenshots. | Suppose I want to write an app that makes it easier to | create tutorials. It could have companion software on my | desktop computer so that when I hit the enter key, it | captures a screenshot and transfers it to the computer. | This would eliminate tedious steps and streamline the | process. | | It might seem like a niche application, but it seems | there is tutorial creation software for other platforms | already. It's probably pretty useful for people working | in IT departments. | WesolyKubeczek wrote: | Does one already exist? | | If not, why? And what are all apps that use screenshot | APIs doing? "Worse than stock but with some branding and | ads?" | | Just looked at what iOS screenshot apps offer. Mostly, | just what I wrote above: worse functionality but with | branding. | JosephRedfern wrote: | Is that not reasonable? | shawnz wrote: | Anyone who uses one will probably be wondering why your | preferred method of taking screenshots always works | whereas theirs is sometimes blocked. The problem hasn't | really been fixed for everyone that way. | shakna wrote: | Which can be worked around by the user being able to set | their default and preferred screenshot app. | db48x wrote: | It's a weird problem. Some application running on the | device must accept some user event, such as a key press, | mouse click or touch event and turn that in to a request | for a screenshot. This is true regardless of operating | system. I agree that it should always be possible for a | physically present user to take a screenshot and save it, | but how can the OS really know if its really the user | initiating the action and not a malicious application? | _Microft wrote: | This exists on the web. | | https://developer.mozilla.org/en- | US/docs/Web/API/Event/isTru... | shawnz wrote: | Even if you can be sure that the event originated from a | real user action, that doesn't tell you that the user did | the action with the intention of taking a screenshot. For | example, they could have been "clickjacked" into clicking | the screenshot button. | JosephRedfern wrote: | The malicious application would have to be able to spoof | user input, which would be an issue in itself. | [deleted] | pengstrom wrote: | This seems simple enough to solve. Display a modal when | screenshoting apps marked as "secure", requiring user | intervention. If it appears without your input, simply | dismiss it and block the screenshot. This allows users to | screenshot when they want to. | shawnz wrote: | I like that solution. Although it doesn't solve the | Snapchat use case, but maybe that is a good thing. | floatingatoll wrote: | Apps are alerted on iOS, too. Have been for years. | bdcravens wrote: | Yes, but fortunately the apps on iOS can't block an OS-level | feature, only take action in their app | floatingatoll wrote: | https://screenshieldkit.com/ doesn't seem to agree, though | I have no idea if they're still effective two years later. | phendrenad2 wrote: | This problem really reminds you that Android is Linux. Everything | is a file, even the bugs. | jaspergilley wrote: | Well...Linux plus rootkit preventing you from doing what you | want on a device you've paid for | dannyw wrote: | It's blocking you from taking screenshots today. It's blocking | you from disabling location services tomorrow. | lern_too_spel wrote: | This is a bug with incorrect handling of the .nomedia file. iOS | already doesn't allow you to disable location services. That is | intended behavior. | nexuist wrote: | What are you talking about? You can easily disable location | services on any Apple device. | lern_too_spel wrote: | But if you disable location services, you cannot get your | location at all. This is unlike more privacy-respecting | platforms like Android, which let you get your location | from the GPS sensor without enabling location services. | | Suppose Apple occasionally sent "anonymized" screenshots | back up to Apple as part of "screen services." You could | say you could disable screen services by not turning on the | display, and that is what disabling location services is | like on Apple devices. | kmeisthax wrote: | That sounds like a bug on Android's part. If you disable | something called "location services", then you would | expect that the GPS sensor no longer works. | lern_too_spel wrote: | Why would you expect that? If you deny an app the | location permission, you would expect that the app cannot | use GPS, and that is exactly what happens on Android. If | you want faster location information in return for | sharing "anonymized" location information with Google, | you can optionally turn on location services to do so. | This is considered a big enough privacy invasion that | Android devices with Google services ask the user about | it on initial set up. | | On iOS, if you want to get your location at all via _any_ | app, even an app that keeps the locations it receives on | the device, you automatically consent to having your | location sent to Apple, and Apple doesn 't even tell the | user that they're doing this unless they go out of their | way to find the privacy policy. | parksy wrote: | That's when I throw my phone in the bin, really. | | Everyone acts like we're all subservient slaves but we all have | our limits. | swebs wrote: | They already block you from disabling location services if you | want to use bluetooth. | unethical_ban wrote: | How is this true? I can easily disable location in apps and | in settings. | Polylactic_acid wrote: | Its slightly wrong. You can't allow an app to scan for | bluetooth devices without giving it location permissions | because bluetooth scanning can be used to detect precise | location. | jaspergilley wrote: | Jesus, I had no idea. Remind me to never, ever switch to | Android | meibo wrote: | This works exactly the same way on iOS or any device that | supports Bluetooth low energy, since it allows very fine | grained location detection. Try it yourself. | | This has caused some issues for covid apps since, to use | BLE on Android, you need to request the location permission | - which people were naturally afraid to do. | eertami wrote: | If this is truly a problem for you, your statement should | be "Remind me to never, ever use Bluetooth". It is nothing | to do with Android. | toast0 wrote: | My understanding is this is a little bit more nuanced. | | For an app to use bluetooth, it needs location permissions as | well as bluetooth permissions. Reportedly, this is to prevent | an app from using bluetooth beacons to determime your | location without permission. | | Otoh, it sucks for bluetooth stem toys; you can't use them on | an Amazon Fire tablet in a kid's profile, because location | permissions are not allowed for kids' profiles. | nexuist wrote: | It should be noted that there are legitimate reasons for | blocking screenshots; on corporate managed devices handling | sensitive data e.g. files or PDFs for example. Obviously if the | device is owned by the company then the company is well within | its rights to control what functionality is available (just as | a solo user is within their rights to control what the device | is doing at all times). This is a bug where the device is | somehow being tricked into thinking this functionality has been | disabled by its owner, when in reality it has not been. | | There are also legitimate reasons for blocking the disabling of | location services. If I have devices with proprietary | applications or access to proprietary data sitting in a secured | room, I want to make sure nobody can take that device out of | the room, and if they do, the device should enter some sort of | lockdown or sleep mode so as to prevent the leaking of | sensitive information. This is a legitimate feature that would | make sense to implement on commercial (not consumer) devices. | That the OS ships with the ability to disable disabling | location services is not an indictment on the OS - it is only | an indictment if the OS does so without your permission. | ssivark wrote: | > there are legitimate reasons for blocking screenshots | | Couldn't someone anyways display the content on one screen | and take a photograph with another device. For text content, | the degradation of image quality doesn't even matter. Doesn't | that make screenshot-blocking a pointless exercise? | Upvoter33 wrote: | just buy one more phone, you know, the one to take pictures of | the other phone with. :) | vaccinator wrote: | First they block the sd card and now screenshots because they | dont trust their app review process? | vaccinator wrote: | So much for a safe app store | bigjimmyk3 wrote: | This seems to be in the same vein as "you can't be allowed to | record your call audio," I suppose because you might | theoretically use that capability to break the law. | ashtonian wrote: | So effing stupid. Every company/ vendor has automatic call | recording but the prescience is that I as an individual am too | much of a child to take legal liability for recording.. | Infuriating. I pay for ring central just so I can record my | calls. Even they want to give a warning prompt, had to | customize the warning to be an empty message. | Dahoon wrote: | You clearly didn't even click the link. It's a bug report.... | heavyset_go wrote: | Anti-trust action against Google and Apple for holding the mobile | OS and app distribution market hostage for over a decade cannot | come fast enough. | Cantbekhan wrote: | Alternatively on Android you can use Smali Patcher | https://forum.xda-developers.com/apps/magisk/module-smali-pa... | with a rooted Android. This program will generate a magisk module | that will enable disabling the secure flag for the pesky apps | disallowing screenshots. It will also allow you to enable mock | locations. At your own risk. | m4rtink wrote: | Today they take away the ability to make screenshots - what will | they take away next ? Being able to run your own scripts and | binaries ?? | | No! They already took that away in Android 10... | https://github.com/termux/termux-packages/wiki/Termux-and-An... | dvduval wrote: | I will especially hate this when I'm trying to translate | something. If I can't copy and paste text into a translate app, | the next step would be to take a screenshot and then use OCR. Of | course if I'm really determined there are ways to still do a | translation. I can only imagine what sort of problem is mighy | arise for someone with accessibility issues. | flyinghamster wrote: | What's exceptionally stupid is that all I have to do is point a | camera at the screen. DRM for the fail, yet again. | shawnz wrote: | It's a security measure, not a DRM measure. The risk of | pointing a camera at the screen is not the kind of attack which | this is meant to prevent. | neallindsay wrote: | ...what kind of attack is this meant to prevent? | crazygringo wrote: | A bunch of comments here are assuming this is something | intentional on Google's part. | | Simply from the error message alone, it's _obvious_ that this is | a bug. As well as from how easy the workaround is. | | Google might do many things wrong intentionally, but I see zero | evidence this is one of them. Just a bug, folks. | mavidser wrote: | Yeah, the comments seem to imply a case of 'commenting before | reading the content' behavior to me. | solinent wrote: | > it's obvious that this is a bug | | If someone were to prevent screenshots intentionally, and I had | mal intent, I would make my best effort to make it seem | unintentional. | snupples wrote: | Yes. Yes. First assume malice. Then any wild explanation will | do. | arnaudsm wrote: | This is a feature: FLAG_SECURE is real and used by many apps. | i.e. Chrome's Incognito mode. | | Sure, you have workarounds for power-users, but Google is | locking the Android ecosystem progressively for regular users. | Just like the Manifest v3 for Chrome. | | Maybe Google is doing the "Embrace, extend, and extinguish" | strategy that worked really well for Microsoft in the past. | crazygringo wrote: | Do you have any evidence for that? | | The thread is about behavior caused by a presumably erroneous | ".nomedia" file residing in certain users' screenshot | folders. | | The FLAG_SECURE feature doesn't appear to have anything to do | with that. Two entirely separate things, unless you can show | otherwise. | arnaudsm wrote: | The thread describes a bug indeed, but the feature really | exists. | | Quoting the Android SDK reference : "FLAG_SECURE [...] | Treat the content of the window as secure, preventing it | from appearing in screenshots" [1] Try to screenshot while | in Chrome's incognito, you'll see it in action. | | [1] https://developer.android.com/reference/android/view/Wi | ndowM... | umvi wrote: | > "Taking screenshots isn't allowed by the app or your | organization." | | To me that implies Android supports individual apps locking | down your device so that you can't use certain features (like | screenshots) while the app is open. | m45t3r wrote: | iOS and PS4 also does have this block if the developer wishes | to do so (generally for "security" reasons). | grenoire wrote: | or for DRM reasons... | Spivak wrote: | Nah, the DRM on iPhones is much stronger than screenshot | protection. When you're watching DRM protected media you | can still take screenshots but the part of the screen | that has the content will be blacked out. Basically all | forms of reading pixels from DRM windows just return | nothing. | userbinator wrote: | That's "hardware overlay", not exactly DRM (it's been | there on PCs for a _very_ long time) but certainly leans | in that direction. | Polylactic_acid wrote: | It works different, you can always screen record but apps | can detect it and stop playing content while the screen | is recording. | machello13 wrote: | I don't think iOS does have a way for apps to disallow | screenshots. Do you have a source? | roywiggins wrote: | Android has had that as a feature for quite a while. | kevincox wrote: | For example Netflix uses it. Want to tell a friend how | amazing this show is? Not on Netflix's watch! | umvi wrote: | Well if it does, I should have absolute power to disable | it. My phone, my screenshots. | Thomashuet wrote: | This is meant for company provided phones. So it's not | your phone, it's your company's phone. | zachberger wrote: | individual apps can prevent screenshots as well. My bank | doesn't allow screenshots in it's app. | simonh wrote: | It does, many bank and commerce apps use it to prevent | malware screen grabbing account and payment details. | grawprog wrote: | I'm a bit confused, reading through comments here, this seemed | like some nefarious issue, reading the conversation thread in the | op though it seems like an error with the .nomedia file in the | folder that's fixed by either appending a second dot to the front | of the file name or removing the file. | | I'm still unclear whether this was some intentional issue or an | error. | | The fix seems easy enough, if a bit opaque and non-obvious. | | That thread's also from September, does this issue still exist? | sdwolfz wrote: | You can use scrcpy (https://github.com/Genymobile/scrcpy) to | bypass the policy if you really need to have a screenshot. All | you need is to have a Linux laptop at hand, debug mode enabled, | and a USB cable plugged in. Super simple stuff right? (this is | satire!) | | Now, I'm as frustrated as anybody else here that I'm forbidden to | use whatever feature I want from MY phone, for which I paid, with | MY MOENY (and nobody else's apart from mine). But then again, | what choice do I have? Not buy a phone? Switch to what? There are | no viable and practical alternatives. It's a "take it or leave | it" situation. | graham_paul wrote: | Simplest way is to use another phone to take a screenshot | anticristi wrote: | I actually had to do that due to an app not having a feature | to export a receipt and not allowing me to take a screenshot. | Felt pretty brain-dead and dumb, if you ask me. | reaperducer wrote: | _Simplest way is to use another phone to take a screenshot_ | | That's not a screenshot. That's a photograph. | kps wrote: | This year, sure. Next year's phones will probably refuse to | photograph copyrighted design elements. But that's OK because | you can always use a film camera and develop it yourself and | hand-deliver a print. | alufers wrote: | AFAIK this does not work with apps which have purposefully | disabled screenshots, the Android UI is visible on scrcpy but | the contents of the app appear black. | | What is interesting is that Android appears to be rendering | every frame two times, because when I scroll down the | notification drawer, which contains some semi-transparent | elements under which you can see the restricted contents on the | screen of the phone, but on scrcpy the transparent elements | have black under them. | | The same thing happened when I wanted to use my Android TV as a | poor man's HDMI grabber. | sdwolfz wrote: | I've tried it with the Tesco Clubcard app which has | screenshots disabled. Also tried it out with some "Charles | Schwab" app somebody else said they had problems in a reply | here, scrcpy can record the screen perfectly. | | EDIT: also tried recording a youtube video in firefox private | mode, worked, but without the sound. | gen_greyface wrote: | scrcpy works with mac os too, iirc | BuildTheRobots wrote: | and windows as well... | dghughes wrote: | > Now, I'm as frustrated as anybody else here that I'm | forbidden to use whatever feature I want from MY phone, for | which I paid, with MY MOENY | | Samsung disabled the oxygen sensor (SPO2) on their phones for | Canada. For other countries they moved access for the SPO2 | feature further into the Samsung Health app. But for Canada | SPO2 sensor access is gone not accessible. | | No warning (probably buried in an email) just one day my SPO2 | sensor stopped working. I suppose it was due to some legal | thing but it certainly pissed me off. I'm never buying Samsung | again why blow $1000 on a phone only to have physical hardware | disabled? | artificial wrote: | If you're geeking out on health data, would you entertain an | Apple Watch? It features an O2 sensor which to my knowledge | hasn't been neutered. Do you think it's a patent issue? I | recall Apple modifying the active noise cancellation in the | AirPods Pro. | nojs wrote: | Apple does the same thing with the ECG feature - it's | frustratingly disabled on my Apple Watch for regulatory | reasons based on region. | wlesieutre wrote: | They tell you up front though, as far as I know they've | never sold a health sensor into a country and then | disabled it later, which is what it sounds like parent | comment is describing | Polylactic_acid wrote: | Thats because of legal reasons. ECG is a medical feature | that most countries require meets medical accuracy | standards which it likely does not in many countries. | runamok wrote: | Maybe some kind of patent infringement settlement in that | area? Or liability? A specific region feels like an ip or | legal issue... | | I see this thread below and there is a phone number you could | call to get answers. I believe there are legit sites with | older versions of apks you might try as a test. | | https://us.community.samsung.com/t5/Samsung-Apps-and- | Service... | grishka wrote: | > But then again, what choice do I have? | | Unlock the bootloader, install Xposed and this module: | https://repo.xposed.info/module/fi.veetipaananen.android.dis... | sdwolfz wrote: | Won't unlocking the bootloader make banking apps not work | anymore? Had this issue when I tried LineageOS on my old | phone, and I really like the convenience of those apps as | opposed to using the website, which is extremely bad. | | Also, how do I do all you said above? (I need a step by step | tutorial). Also is it reversible? Are there any other | security implications? | swiley wrote: | >make banking apps not work anymore | | If you live in a country where you _have_ to use your phone | for banking and can 't use the web then you need to talk to | your politicians. That seems like a pretty extreme | violation of your freedom. | | As much as I dislike the US at least we don't have _that._ | Jonnax wrote: | Violation of someone's freedom is a pretty silly stance, | when there's plenty of banks to choose from. | jlokier wrote: | Some banks and bank-like products only make themselves | available by mobile app. It's a commercial decision, and | seems to have been a trend with some "challenger" banks. | | I have two of those, and I chose them because of unique | banking features (not the mobile app) not offered by | other banks which I found valuable. It's nothing to do | with the country. | | To be honest it would be nice to have web access as well | (or even phone banking), but we take what we can get. | berdario wrote: | I recently opened 3 bank accounts. | | It's not only the challenger banks: nowadays banks will | also encourage you to use their app for 2FA. You can use | a proprietary token instead, but you'd have to pay for it | (the app instead is free). 2FA sms is not supported with | some banks (and that's good). | | I think the UK is an exception, since for 2 of the banks | I had accounts with, they just used a 2nd "memorable" | password as "2FA" (avoiding the requirement of a | smartphone) | toastal wrote: | In Thailand the bank I have, Kasikorn, charges for ATM | usage outside of the registered province even from the | same network... UNLESS you use their cardless withdraw | that uses some QR code for TOTP that requires the app | (that will attempt to block phones with root access). You | can use the website as well for some things, but it | requires SMS-based OTP with no supported alternatives. | | I'd switch banks or at least branches to this new | province, but my current visa won't allow it (and for | whatever reason, you cannot transfer accounts but need to | open a new one). | kevin_thibedeau wrote: | It's never safe to bank from a computer you can't | control. I would always consider a phone to be | compromised. These are the richest targets going for | exploits so why risk it. | yiyus wrote: | In which kind of bubble do you live where not making web | apps available for your clients is seen as an extreme | violation of freedom? As long as it is possible to go to | the bank to do whatever you need to do, I do not think | politicians have anything to say. | | Sometimes you don't have to, but it's much more | convenient. For example, I can use my bank app just with | my fingerprint. To use the web app, I either have to | login with my phone (reading a QR code) or have to use | one of those devices where you insert your card and enter | a couple of codes (if I find it...). | m4rtink wrote: | Dictating what you can use on a device you own or else | they won't do business with you is rude & clear violation | of one's freedom. | yiyus wrote: | If some bank tells me I have to use certain app to make | business with them, it's my choice to do it or not, but | they are not violating my freedom. And I find saying this | is an "extreme violation of your freedom" insulting for | those who are actually seeing their freedom violated. | sdwolfz wrote: | I live in the UK and have used 5 banking apps so far (not | all of them at the same time): | | - Barclays (App won't work with LineageOS, website is | horrible). | | - Monzo (App only, no website, works with LineageOS). | | - Revolut (App only, no website, works with LineageOS). | | - TransferWise (Web and App, both work well, but never | tried it on LineageOS). | | - ING Home Bank (App won't work with LineageOS, website | is manageable, but still a pain compared to the app). | | Of course I don't _have_ to use any of these, but there | are clear advantages to using any of them, depending on | the situation (you wouldn 't take a mortgage from | TransferWise, split bills with Barclays, and hold foreign | currency in Monzo, mainly because they don't support | that). Also you don't _have_ to use a phone, just walk | around without one, make people email you instead of | calling, and ask people for directions instead of looking | at a GPS map. | | My point is, I paid for my phone (me alone, nobody else | chipped in) so I want to use every feature it provides | without restrictions, as it is my property. That goes for | both taking screenshots and using apps. And when it's not | possible, I look for alternatives. Right now none are | practical, nor feasible, so all I got left are tricks | like scrcpy and rants on forums ;). | [deleted] | thederek512 wrote: | Monzo have a pretty comprehensive API that you can build | your own web based interface around if you wish. If you | look on github a ton of people have done that, all you | need to do is clone the repo, plop in your Monzo api key | and the jobs a goodun. | fyfy18 wrote: | Are there any banks that provide EUR accounts that do the | same (Monzo is GBP only)? | calcifer wrote: | Yes, Starling. | loriverkutya wrote: | Both Monzo and Revolut have website access. | sdwolfz wrote: | No, unfortunately this is wrong. | | Monzo only seems to have and login for their business | accounts. For personal accounts it's still phone only. | And business accounts are a recent addition. | | Revolut has login now, but you can't do anything there, | except viewing your balance and blocking your card. And | this is a new thing, maybe and beta version, otherwise | they would have officially announced it somewhere, like | in the bragging emails they like to send from time to | time. | zrobotics wrote: | Question: if there's no website, how TF are you supposed | to use Monzo or Revolut from a proper computer? Is there | really no way to do something simple like xfer money or | view balance without using your phone? If so, why did you | even open an account, I'm assuming that since you are on | this site you are at least a little bit technically | inclined. | | Just looked, and apparently Revolut is 1) app only 2) | tied to a mobile number. So not only is it annoying to | use, but likely also susceptible to sim jacking. Again, | why would anyone want to use this; I hate having to deal | with wells fargo (they bought a loan I have) but even | they seem less crappy. Not trying to hate on OP, I'm just | shocked at how crap their service appears to be. | literallycancer wrote: | Revolut app doesn't break itself just because the phone | is rooted though. It's mostly the dinosaur banks trying | to do your thinking for you. | sdwolfz wrote: | > Question: if there's no website, how TF are you | supposed to use Monzo or Revolut from a proper computer? | | You can't. That's why you don't use them for serious | work. | | > why did you even open an account | | Different use cases, different circumstances. I don't | depend on them but they give good exchange rates and zero | fees when transferring or spending money abroad. It's the | "it just works" and "fast and cheap" effect that the | traditional banks don't have. And opening an account is | done online, and you get access to your account in hours, | compared to Barclays which took 2 months of ping pong, | when I first moved into the UK (since I did not have a | bill issued in my name at my UK address I could not open | an account, so I could not pay my landlord rent so I | could get an address to open an account, fun times). | Without that Monzo account I could have not been paid in | my first 2 months. | | But if you want to know how crap Revolut really is, try | contacting their support to report a bug in their app, | they don't have an email, but instead ask you to get in | touch with them on Facebook. | zrobotics wrote: | Oh wow, that's even worse than I thought. Thanks for the | explanation, that does make sense. I wonder if they could | get in trouble for AML, or possibly Barclay's is just | being overly picky with who they want as customers. | | But seriously, not even a support email? Good God, I | would trust PayPal with my money more than that; but I | suppose they needed to hit all the fintech bingo | buzzwords. | sdwolfz wrote: | They have to do a KYC (know your client) check, which I | assume they do a credit check on you, probably via | Experian or another one of these. You also send a picture | of your ID, and record a video of yourself saying "Hello, | I'm $NAME and I want to open an account with $COMPANY". | | The Barclay's part is just an old practice. How I ended | up doing it after two months was by having a letter from | my employer stating that I'm registered with them at a | particular address. But what I learned from somebody else | that went through this, after those two months, is that | they could have said my "home" address was the address | the company is registered at instead. This is how they've | used to do it with other people that have hit this | problem, it just didn't occur to me to ask for something | like this, and it didn't occur to them to suggest this | either since they assumed I had everything in order | (since I already submitted my Monzo account for salary | payments). | fulafel wrote: | The how depends on the phone model, but there are step by | step instructions available for many. Eg https://www.xda- | developers.com/google-pixel-4-root-magisk/ | | Also, if the phone has a vendor supported way of unlocking | the bootloader, it will typically also trigger a wipe / | factory reset (presumably because to keep DRM enforcers etc | happy). | Zak wrote: | The factory reset is to prevent extracting data from | stolen devices. It's obsolete if the device is encrypted. | dheera wrote: | > Won't unlocking the bootloader make banking apps not work | anymore? | | Is it not possible to unlock the bootloader but modify the | OS tell apps that the bootloader is locked no matter what? | Can we do this with Xposed? | ziml77 wrote: | It's a cat-and-mouse game and unfortunately over the past | handful of years it's been a losing battle for root | hiding. It's why I gave up bothering with root despite | having done it for nearly a decade. | grishka wrote: | > Won't unlocking the bootloader make banking apps not work | anymore? | | Depends on how paranoid your bank is. There's this | SafetyNet thing that checks for "system integrity". It's | part of Google Services. _For now_ , it's possible to | bypass these checks using Magisk, but I've read that Google | is testing the new method involving TrustZone -- a hardware | trusted execution environment within the SoC where you | aren't one of the trusted parties. | | > Also, how do I do all you said above? (I need a step by | step tutorial). | | There should be plenty on xda-developers.com | | > Also is it reversible? | | On Google devices, yes, completely. You can reflash the | factory images that Google provides and relock the | bootloader. On others... it varies, on Samsung especially. | | > Are there any other security implications? | | If you leave the bootloader unlocked, anyone with physical | access to your device will be able to reboot it into the | bootloader and load arbitrary code with OS kernel | privileges. From there they'll be able to modify the | installed system. They won't be able to read the /data | partition [right away] because it's encrypted with your | password/pattern. | | IMO it's really a shame you can't re-lock the bootloader | with your own signing key. | opencl wrote: | You _can_ re-lock the bootloader with your own signing | key on Pixels. GrapheneOS seems to be the only third | party ROM currently taking advantage of it. | grishka wrote: | TIL about `fastboot flash avb_custom_key`. Certainly | better than nothing, but seeing how it shows a warning on | each boot in this mode, it most probably trips SafetyNet | as well. | 0xdeadb00f wrote: | There is another called Replicant IIRC. | | But it requires you to set up your own build + signing | server in AWS. | neurostimulant wrote: | Your mileage might vary, but I'm using 4 banking app (one | of them even disallow taking screenshot in Android 10) but | they are working on custom rom (lineageos) with unlocked | bootloader as long as I don't install root. | dastx wrote: | In case you want to root, you can use magisk hide to | prevent banking apps from knowing you've rooted. | mindslight wrote: | The worst I've found is a few apps that complain and push a | bullshit scare story at you ("your device is insecure" LOL. | My house is technically less secure because I have a key to | it, too). Bank accounts are commodities and most banks have | no monthly fees with no minimum balances. The easy answer | is to choose banks based on who _doesn 't_ engage in user- | hostile shenanigans (see also: snake oil "2FA"). Moving | between accounts over the course of a few months is quite | easy, especially if you do not write checks. | dheera wrote: | Does Xposed support Android 11 yet? | | Can anyone vouch for this Xposed alternative that seems to be | more on top of Android releases than Xposed, but also seems | closed source? | | https://taichi.cool/ | jimlikeslimes wrote: | Google's play store requires screen grabs of payment screens | when submitting. They recommend you photograph the phone with | a separate device... | BlueTemplar wrote: | :facepalm: | distances wrote: | Maybe you could run the app in an emulator and take | screenshots on the host computer? | [deleted] | zrobotics wrote: | Sadly reminds me of the very early days of online video, | where speed runners would video their televisions because | screen capture devices were terribly expensive. | | What's old is new again? | reaperducer wrote: | _What 's old is new again?_ | | I'm not so sure. Back in my Windows days (95? 98, maybe?) | if I played a DVD on my computer, the window that the | video was playing in would be black if I took a | screenshot. | toast0 wrote: | A lot of early computer DVD playing was using hardware | accelerated decode, with the resulting images bypassing | the framebuffer. That means it won't show up on your | screenshots, but it wasn't necessarily detecting a a | screenshot and blanking the output (although, once | software decoding was feasible, that may also have | happened). | eznzt wrote: | I remember this. I also remember the colour of the video | window was something like 030303 and if you had that | colour on any other window (including your wallpaper) you | would see the video there as well. | vagrantJin wrote: | All those highly paid, highly educated people really and | truly believe this to be a solution? | sbarre wrote: | They absolutely do not, but this is the bullshit they | choose to hide behind. | jimlikeslimes wrote: | Sorry, it was the Google Pay verification not play store. | I did it a few weeks ago, might have misread it but | pretty sure that's what they wanted. | exikyut wrote: | Yes. Taking a photo with a separate device is reasonable | evidence you're not breaking secure boot et al. | | If I understand correctly. | yholio wrote: | It's as if the last 30 years of technical evolution never | happened and we are back at faxing signed forms and for | extra security and applying triple rot-13 to guarantee no | unauthorized access. | darepublic wrote: | Yeah the big tech companies want to destroy the ecosystem | of opportunity they benefited from, in order to protect | their power. If it means a world with more needless | bullshit for everyone, so be it | warent wrote: | that can't be true because nothing would stop them from | taking a screencap and then photoshopping it over a | different picture | inquirerofsorts wrote: | > Unlock the bootloader | | A dangerous game on anything other than Xiaomi phones these | days, the only company to provide official bootloader unlock | software, but yeah otherwise, go download it from some shady | website and not have a care in the world about the most | sensitive device you own. | | > install Xposed | | Last updated 2014 :\ | | You'd be safer shooting heroin into your eyeballs than | installing Android root software from 6 years ago. | | How on Earth is this advice allowed here? | inquirerofsorts wrote: | Prove me wrong anytime folks, I'm sure you can at least | flail around and try, or at least mash the squeal button | that you all like so much. | | How exactly do you unlock bootloaders from modern phones | (past 2 years)? You get jailbreaks from the internet and | sideload them right? Do you disassemble the binary code? | Does it void your warranty? Which mobile device | manufacturers offer official bootloader unlocks today? | There's only one I know of. | | Did i happen to mention the big bad China company in a good | light to warrant such disdain for my _as yet undisputed_ | comment? Is that the problem here? | | [:)] https://repo.xposed.info/module-overview | pmontra wrote: | My Samsung A40 from 2019 has an unlock bootloader option | in the Developer Options. I didn't check what it does | neither I googled it but it's promising. | BenjiWiebe wrote: | The presence of the "Allow OEM bootloader unlock" is NOT | an indication that the bootloader is unlockable, sadly. | j16sdiz wrote: | Most samsung phone are unlockable. But it have a e-fuse | to prevent you re-locking it | kclay wrote: | You install adb from Google and run one command. That's | how you unlock a bootloader. | | As for root, yes you have to install something which is | Magisk which is open source and vetted and had been | around for around 5+ years. | | My wife that has never done it just did it for her new | pixel 4a a few weeks ago. All I did was direct her to a | step my step tutorial (I vetted the tutorial) and she did | it flawlessly. | detaro wrote: | Motorola also has official bootloader unlocking. | ranger207 wrote: | Xposed has been replaced by EdXposed | literallycancer wrote: | There are definitely more manufacturers that provide an | official way to unlock. For some others you have to remove | the backplate and short some pins or whatever. These days | it's probably more convenient to just use one of those root | boxes though. | hobby-coder-guy wrote: | > with MY MOENY (and nobody else's apart from mine). | | Is this satire? | foxhop wrote: | I wanted to screenshot my Charles schwab app the other day and | got blocked... was so mad but never found a way to do it. | Samsung Note 20 Ultra. | sdwolfz wrote: | Just tried scrcpy out with that app, I can definitely record | the screen, on a Note 9. | simonh wrote: | It's probably to prevent malware from screenshot grabbing | account and payment details. | crehn wrote: | Is there any situation on iOS where a screenshot cannot be | taken? (serious question) | S_A_P wrote: | Netflix(and I suspect anything displaying streaming media) is | one for sure. The screen record only displays a black screen, | but you can capture audio... | l3s2d wrote: | Yes, try taking a screenshot of DRM protected content | (Netflix, Hulu, etc.). The content will be blacked out. | | That said, because of how DRM works, I doubt the video data | is available to any userspace applications. | 1vuio0pswjnm7 wrote: | The upgrades being provided are for the purpose of maximising | the value to you of what you paid for with your money (and | nobody else's). | | It is not like the company is making ongoing changes that | benefit the company's business at your expense. | | (This is satire.) | | In some cases, life is easier when you decide "I do not have a | choice". This allows complaining to be substituted for having | to make hard choices and taking responsibility for the | consequences. | andybak wrote: | > bypass the policy | | Bypass what policy? The post seems to be about a bug when you | use .nomedia in the snapshots directory. | sdwolfz wrote: | The security policy that prevents you from taking | screenshots. Bug or intended, it's the same functionality. | andybak wrote: | Any idea when it actually applies? Have you seen it in the | wild? I don't recall having that message appear | legitimately at any point but I guess it might be for | corporate phones. | | Any Android devs know if it's something that any arbitrary | app can turn on? | sdwolfz wrote: | Try the Tesco Clubcard app. On taking a screenshot you | will get a toast saying: "Can't take screenshot due to | security policy". | | This is what I'm referring to in my post above. | andybak wrote: | Like "disable right click" on websites I really struggle | to see how this is useful to Tesco in any way. It's | trivial to bypass. | | What's their threat model here? | crummy wrote: | I don't know about Tesco but I believe it's common on | bank apps to prevent malware from screen grabbing your | details when your bank app is open. | anonymou2 wrote: | Sorry but it is not really your phone if it runs proprietary | software. It is like in medieval times, you didn't own the | means of production. Welcome your new digital overlords!! | reaperducer wrote: | _Sorry but it is not really your phone if it runs proprietary | software_ | | There isn't a mobile phone on the planet that doesn't run | proprietary software at some level. | fsflover wrote: | Strictly speaking you are right, but Librem 5 [0] is going | to get Respects Your Freedom certification from the Free | Software Foundation, which is a high bar. If it's not | enough for you, see also: Precursor [1]. | | [0] https://en.wikipedia.org/wiki/Librem_5 | | [1] https://www.crowdsupply.com/sutajio-kosagi/precursor | cogburnd02 wrote: | FSF also supports Replicant which works with refurb'ed | (older) phones now. | | I own a Galaxy S3 & intend to get Replicant running on | it. | fsflover wrote: | All Android phones require proprietary blobs for many | functions, even for booting. S3 with Replicant will have | no Wi-fi, Bluetooth and so on: | https://tehnoetic.com/tehnoetic-s3-phone-replicant. | m4rtink wrote: | Also PinePhone is much closer to the ideal on a practical | level than Android/iOS phones. | pengstrom wrote: | Well, we don't own the means of production today either. | chordalkeyboard wrote: | You do if you own stock. | ClumsyPilot wrote: | And what can you do with it? | chordalkeyboard wrote: | You accrue the benefit of owning capital which is rents | on capital in the form of dividends. | smolder wrote: | Owning a fragment isn't quite the same as owning the | whole thing. Majority stock ownership would be close | enough. | chordalkeyboard wrote: | Most people don't have the money to afford to own an | entire factory, and if they did its still more secure for | them to diversify by owning many pieces of many factories | in different industries, that's why capitalists figured | out how to commodify the means of production as stocks. | Its not quite the same, its _better._ | smolder wrote: | It's not strictly better, no. As a minority shareholder | in Google I have effectively no power to make them stop | ruining the internet. Majority control is what gets you | something like full ownership, just with some other risks | and benefits. | chordalkeyboard wrote: | Majority control requires a lot of wealth, you don't have | majority control of Google because you don't have that | much money. You have no reason to expect a person like | yourself to be able to control the amount of capital | assets that Google represents. Your access to the means | of production is dependent on your ability to buy into | them and stock allows you to do that in small increments. | If it weren't for stock you still wouldn't have control | over anything like Google. | anonymou2 wrote: | That was my point, we are no better than in medieval times. | One can however run things like Replicant (I do) and I am | aware of some better alternatives like linux phone, | pinephone and librem5. I want to learn more about them | before my old Replicant phone dies. | supernova87a wrote: | There is a kind of half-formed philosophy out there which | believes we can get back to some false utopian small- | collective agri-mercantile worker paradise. | | It doesn't exist, and never did. Learn how to adapt and make | the most of the systems that exist now. | | I dare to say, if you even actually achieved those | fantastical scenarios, the damper on economic and population | prosperity would be such that you might not have been | conceived to wish for it. | | It's a little extreme to let a mobile phone's operating | system call for the revamp of our economic systems. | cat199 wrote: | > Learn how to adapt and make the most of the systems that | exist now. | | if this were the attitude, the free software that android | is built on wouldn't have existed in the first place... | crehn wrote: | They're mutually exclusive; I'm sure GP meant it in a | pragmatic sense. | anonymou2 wrote: | Make the most that the owner of the proprietary OS allows | you to. I am very thankful of all the people that have been | writing free (as in freedom) software which allows us to | have alternatives. I do not know about any small-collective | agri-mercantile worker paradise, but I am so happy that I | can still run Replicant and use things like Mutt+vim+gpg | for email. Free software is now more important than ever. | jtxx wrote: | Linux phones!!! There's still a lot of dev work to be done but | this is exactly why I'm on board with the pinephone. not a | daily driver yet, but if you're a programmer looking for | something to contribute to, go check it out | reaperducer wrote: | _There's still a lot of dev work to be done_ | | An incomplete choice is not a choice. | | He wants to cross a bridge without paying a toll. Telling him | that he can take a rickety bridge, an unsupported bridge, | build his own bridge, or wait for a new bridge to be finished | doesn't get him to the other side. | hutzlibu wrote: | He can continue to use the restricted bridge, but if he | want to use the free bridge soon, he can support building | that bridge, today. | javert wrote: | That's not helpful. Whereas the comment you are responding | to is helpful (at least to some of us). | LMYahooTFY wrote: | You're right but I think you're missing the point. I read | that as a call to action (this is HN), not a dismissal of a | problem. | | They're saying we're not getting a solution from the | corporate sector, so we need to build it. | rendall wrote: | I crossed that bridge when I came to it - trip trap! trip | trap! trip trap! - and lo! I heard a voice: "Who is it what | cross my bridge? I am very hungry, and I will eat you up!!" | Shuddering in fear, I told the hungry troll "I am but a | tiny me. You should eat my brother who comes along soon!" | The greedy troll, let me go, and I watched from the bushes | as the troll gobbled up my brother. I was sad, but then | remembered that I am still alive, not eaten | app4soft wrote: | > _Linux phones!!!_ | | Android phones > Linux phones!!![0] | | [0] https://www.makeuseof.com/tag/how-to-linux-on-android/ | squarefoot wrote: | They're non native chroot jails that don't solve any of the | problems addressed by the PinePhone or any similar _native_ | install. | fsflover wrote: | Or, if you're not a programmer and want to support GNU/Linux | phones, consider Librem 5. | secondcoming wrote: | I'm looking at Nokia again for my next phone. Just need to wait | for reviews to start. | dheera wrote: | Analog loophole. Worst case you could always carry a second | phone and use it to do screenshots. Maybe we could make an app | to calibrate and sharpen screenshots taken by a second phone to | make them look as good as real digital screenshots. | | We really need to show it to 'em who is boss. My phone | ultimately should listen to me, not Google. | benlivengood wrote: | Don't use apps. Aside from games and sensor integration they | can rarely offer more than a web-based experience. Push for | more safe hardware sensor integration in browsers. | amelius wrote: | Banks often have apps which are quite useful compared to | their web-based counterparts. Of course, it doesn't need to | be that way, but it's the way things work now. | ForHackernews wrote: | God no! The browser does not need to be an even bigger attack | surface than it is today. | Farbklex wrote: | Scrcpy is also available for Windows and Mac. | | The link here states, that the screenshot settings were | apparently broken due to a bug. So no bad intent from Google | here. | | Besides that, apps can declare their content as sensitive and | add the `FLAG_SECURE` to their activity which then hides the | app content form "unsafe screens", the "recent apps" screen and | screenshots. But this is a choice of the app developer instead | of Google. | Zak wrote: | > _So no bad intent from Google here._ | | Including a feature in the OS that allows apps to prohibit | the user from capturing the output of their own screen _is_ | bad intent. | sdwolfz wrote: | Not denying what you said, but I'd want a way to ignore | "FLAG_SECURE" as a setting, so when I really want to take a | screenshot, I should be able to do it regardless of what the | app vendor wants to impose. | [deleted] | alisonkisk wrote: | You can choose not to download their app to your phone. | sdwolfz wrote: | This does not end up solving the issue though. An android | setting toggle to "Disable screenshot blocking policy | globally" with a consent box saying "I understand the risks" | would. | | As the owner of the device my desire to take screenshots of | anything I want should come first, regardless of what | everybody else wants. | wojciii wrote: | Or even better an option to disable the policy for the next | 10 or 30 minutes which should be enough to.e to do whatever | you need to do. | TedShiller wrote: | iPhone | Dahoon wrote: | Are you adding info on what would be even worse? Because this | is even worse on iPhone. | hackmiester wrote: | When does an iPhone prohibit screenshots? ___________________________________________________________________ (page generated 2020-11-08 23:01 UTC)