[HN Gopher] Taking screenshots isn't allowed by the app after up...
___________________________________________________________________
Taking screenshots isn't allowed by the app after upgrading to
Android 11
Author : distalx
Score : 283 points
Date : 2020-11-08 11:38 UTC (11 hours ago)
(HTM) web link (support.google.com)
(TXT) w3m dump (support.google.com)
| andybak wrote:
| This is where a small bit of editorializing in the post title
| might be useful. The linked page is about a bug when you use
| .nomedia which is kind of interesting in it's own right. However
| most replies here seem to be on the broader topic of whether an
| OS should be able to block screenshots - this is another
| interesting topic but one that's only vaguely related to the
| linked page.
|
| I'm curious if the /u/distalx posted this because they were
| interested in a discussion about the former or the latter.
|
| If the former then it has largely strayed off topic. If the
| former then there might be a better page to link to that is more
| clearly about that specific "feature".
| Polylactic_acid wrote:
| Android certainly does have a feature to block screenshots in
| apps though.
| grishka wrote:
| I had a similar problem when I updated to Android 10 and the
| MediaStore content provider decided to get stuck in an infinite
| loop trying to upgrade its database. I couldn't take screenshots,
| use the camera, or use any functionality in any apps that would
| rely on the photo gallery. Now, that's me, a long time Android
| app developer, and it took me an hour to figure out what the hell
| happened (wiping the data for said content provider fixed
| everything, obviously). Imagine what would a regular user do if
| they encountered this issue? I had a fully-stock installation
| too, didn't even unlock the bootloader.
|
| I don't understand why modern software has to suck so much. If
| you can't perform some operation for some reason, for the love of
| god, at least show a sensible error message so people who haven't
| spent ridiculous amounts of time reading the source code of your
| product as part of their job can troubleshoot their systems. Not
| "something failed, go read logcat, maybe it helps, good luck".
| Polylactic_acid wrote:
| >at least show a sensible error message
|
| The only way to do this typically is to either already be aware
| of the issue so you can add an error (And in that case you
| would have just fixed the issue)
|
| Or to dump a stack trace.
| read_if_gay_ wrote:
| > at least show a sensible error message so people who haven't
| spent ridiculous amounts of time reading the source code of
| your product as part of their job can troubleshoot their
| systems. Not "something failed, go read logcat, maybe it helps,
| good luck".
|
| While I'm not sure whether it's true, I think the reasoning
| behind this is that to the average user, a sensible error
| message is about as useful as "something failed, good luck".
| grishka wrote:
| They could at least google it and find out how someone else
| solved the same problem. No such luck with more generalized
| error messages.
| nexuist wrote:
| An infinite loop as you described however is not really an
| error condition; in fact this is the premise of the Halting
| Problem [1] which is not solvable as far as we know.
| There's no way for the media provider to know if the loop
| will ever resolve and it may just be the case that you have
| an absolutely massive photo library that takes a lot of
| time to load. You could argue that they could add some sort
| of background timer that triggers an error if the provider
| takes too long to deliver data, but then what should that
| timeout be? What if the user's device is just naturally
| slow or the photo library is stored on some sort of
| external storage device (SD card maybe) with awful
| bandwidth? If your timeout is too low, it will prevent
| users from legitimately accessing their photo library; if
| it's too high, it ruins the point of having a timeout in
| the first place.
|
| In this sort of scenario the better choice rather than
| implementing error detection is just fixing the original
| problem that caused an infinite loop so users don't need to
| fix anything in the first place. I think the reason why
| debugging/resolving issues seems so complicated in modern
| times is in part because we already did fix most/all the
| "easy" issues from the past generation -- the only
| remaining issues are extremely hard to catch or, in the
| case of the Halting Problem you experienced, mathematically
| impossible.
|
| [1] https://en.wikipedia.org/wiki/Halting_problem
| toast0 wrote:
| > In this sort of scenario the better choice rather than
| implementing error detection is just fixing the original
| problem that caused an infinite loop so users don't need
| to fix anything in the first place.
|
| Sure, not having the bug would be better, but I can only
| assume that the developers didn't intend to make the
| conversion loop. They failed to not have the bug then,
| and most likely will fail to not have bugs in the future;
| that's life. The solution in this case may not be to
| detect an error condition, but to just indicate what the
| software is doing. Ex a persistent notification for
| 'updating database schema', maybe appearing after a 5
| minute timeout; if that sits around for an hour or five
| days or something, you can google around for it.
| perryizgr8 wrote:
| When you buy a pixel, understand you are paying to participate in
| a beta program designed to further some Google employees careers.
| You're not buying a phone that is designed to serve your
| interests.
|
| If you want a phone for daily use, get an iPhone or galaxy.
| amelius wrote:
| Wait a second, does the app _know_ that I 'm taking a screenshot?
| smadge wrote:
| Yes. For example when you take a screenshot of a message in
| Snapchat, the sender is notified.
| amelius wrote:
| This sucks and I consider this a serious breach of privacy.
| bdcravens wrote:
| At least you're not in a walled garden. /s
| lsb wrote:
| As long as the content is coming to your eyes, you can use
| another device to record it.
|
| If you have a separate phone that you use as a second factor for
| your 2FA, you have a convenient way of photodocumenting any
| screen that you see.
|
| People shakily recording their TV doesn't win any awards, but is
| evidence enough in a serious pinch.
| raffraffraff wrote:
| 2021 will be the year of Linux on the ... Phone
| exikyut wrote:
| Heh, sentiment noted - but the PinePhone is a thing now, so...
| let's see just how bad GTK and Qt can be on mobile, eh? :D
| cesarb wrote:
| > let's see just how bad GTK and Qt can be on mobile
|
| GTK and Qt on mobile is not a new thing, Maemo/Meego were
| earlier examples. In my experience, it worked fine.
| [deleted]
| jaspergilley wrote:
| God, I hope so. I've been meaning to try the PinePhone and
| maybe others at some point
| exabrial wrote:
| Take another phone, aim at screen, take screen shot.
|
| It's a stupid "feature" that lulls user's into a false sense of
| security.
|
| The real motivation is to prevent badly behaved apps from taking
| screenshots in the background, but requiring the user shortcut
| input to do that would be more secure and a better option.
| phendrenad2 wrote:
| The real motivation is preventing badly behaved apps from
| taking screenshots in the background, without investing any
| engineering effort into adding the correct user warnings and
| settings to differentiate between intended and unintended
| screenshots.
| ur-whale wrote:
| Or you could just have a second phone and take a picture of the
| screen of the first ...
| skee0083 wrote:
| I'm done with android. The final straw for me was when i needed
| to call 911 for my grandmother and android thought it was a good
| idea to play notification sounds in the middle of the
| conversation. Couldn't even hear the operator over all the loud
| DING DING DING.
| udia wrote:
| Having a Pixel 3 phone, I was annoyed that long-screenshots and
| call recording weren't available by default. Even when I rooted
| the stock ROM and disabled automatic updates, I would find that
| occasionally one morning my root setup would fail SafetyNet
| (where it was working the night prior). I addressed this by
| flashing the PixelDust rom on my phone. It now has stable root
| and I control all updates.
|
| As mentioned in many other comments, it's nice to own your device
| and not have it broken by automatic updates pushed from some
| external entity (intentional or not).
|
| A quick writeup for how to do this is available here:
| https://udia.ca/posts/2020/08/root_pixel_3_with_ota/
| hfktifjrn wrote:
| Signal app also has an option to disable screenshots on Android
| using this facility. I wonder what HN thinks about that:
|
| https://support.signal.org/hc/en-us/articles/360043469312-Sc...
| yjftsjthsd-h wrote:
| If it's user-controlled, why would anyone object?
| jccalhoun wrote:
| I'm on a pixel 4a and haven't encountered this. I just tried it
| on a couple apps including my bank's app and it worked fine. So
| this seems like a bug?
| LockAndLol wrote:
| To everybody complaining about how there are no options, my phone
| my money, etc., go donate (money, code, documentation) to a
| project actively working on providing an alternative. Put your
| money where your mouth is. Actions speak louder than words.
| rbecker wrote:
| It was a bug - this time. It's not your phone, you're just using
| it.
| asutekku wrote:
| It's to prevent you screenshotting snaps / disappearing
| messages sent to you or to prevent screenshotting licensed
| content. This is good for 99% of the people.
| nkrisc wrote:
| No. "Disappearing" messages are a farce. Disabling other
| people's screenshot capability so someone can be made to
| believe that their message will disappear is absurd. If you
| want a message that disappears, tell them in person and pat
| them down for a wire. Also there's nothing wrong with simply
| screenshotting licensed content. I'm allowed to do so for my
| own personal use. If someone is distributing licensed content
| that they are not licensed to do so, that's a matter for the
| courts.
| hfktifjrn wrote:
| Signal app on Android blocks screenshots too
| (configurable). Does that mean that they are clueless about
| security?
| detaro wrote:
| Signal does not pretend that it will stop the other side
| from screenshotting your messages.
| [deleted]
| badjeans wrote:
| Can it prevent the user from taking a photo of the phone
| screen with a different device?
| asutekku wrote:
| It does not prevent, but most people will not bother.
| jcelerier wrote:
| if you let people like the user above you have their way
| without offering strong condemnation and resistance, it
| will eventually happen, yes
| rbecker wrote:
| https://www.zdnet.com/article/apple-patent-could-
| remotely-di...
|
| https://www.cnbc.com/2019/10/10/apple-removes-police-
| trackin...
| kzrdude wrote:
| local public transport service uses this block for their app.
| To make it harder to casually fake app tickets.
| iyrkki_odyss wrote:
| It would still be possible to use external camera to capture
| the content.
| rbecker wrote:
| > prevent screenshotting licensed content. [..] good for 99%
| of the people
|
| Is this a parody, or do you truly think DRM is good?
| tpxl wrote:
| >DRM is good
|
| In principle is DRM bad? Sure, the current implementations
| are pure cancers, but if they weren't, wouldn't DRM be a
| rather good thing?
| rightbyte wrote:
| Why would the user want DRM.
| tpxl wrote:
| In general paying content producers allows them to
| produce more content. If it's neutral for the
| (legitimate) end user, but positive for the creator, why
| would you not use it?
| hfktifjrn wrote:
| Because they want to access the content, which might not
| be available otherwise.
|
| Netflix seems to be quite popular, and it's users don't
| seem to be bothered by the DRM - try taking a screenshot
| of it on the desktop, you'll get a black picture.
| rbecker wrote:
| > might not be available otherwise.
|
| Like how they stopped showing movies on TV once VCRs
| entered the market, or stopped playing music on the radio
| once home taping killed it. If only we had had DRM on
| radios and TVs back then, perhaps there would still be
| some entertainment industry left.
| hfktifjrn wrote:
| You are avoiding my point.
|
| Where is the user outrage over Netflix using DRM and
| blocking their rights to fair use.
|
| And if you don't like it, don't subscribe. Are you
| against companies being able to choose if to use DRM or
| not? Do you want to ban DRM? What about encryption, do
| you want to ban that too?
| rbecker wrote:
| > You are avoiding my point.
|
| I addressed your point directly. You claimed content
| might not be available otherwise (and that this is the
| reason consumers _want_ DRM), I gave examples that showed
| that to be obviously false. And DRM is much more than
| just not banned - it 's _illegal to circumvent_ , thanks
| to DMCA.
|
| > And if you don't like it, don't subscribe.
|
| I don't. But you're still not happy - I guess you'd also
| like me to shut up about how bad DRM is for consumers,
| and allow you to spread your false claims how Netflix
| wouldn't exist without it, unchallenged?
|
| > Are you against companies being able to choose if to
| use DRM or not? Do you want to ban DRM? What about
| encryption, do you want to ban that too?
|
| So you agree that DRM is bad for consumers and society,
| you're just not sure how to fix it? Because that is the
| only reason you'd want to skip directly to arguing what
| should be done about it... unless you were hoping to make
| it seem like DRM is good by proposing some overreaching
| "solution", and make it look bad by association with an
| encryption ban. But that would be an _incredibly_
| dishonest and slimy way of arguing, so I 'm sure that's
| not what you were going for!
|
| For the record, no, I don't want to ban encryption. But
| if DRM continues to infringe upon people's rights (such
| as fair use, or even regular property rights, like when
| Amazon remotely deleted an e-book, or Sony disabled
| OtherOS on PS3, or HP disabled "unauthorized" ink with an
| update to already sold printers), a DRM ban could be
| warranted. Many types of contracts are already banned,
| but you think consumers should just bow their heads and
| take it while corporations lock away their rights behind
| DRM?
|
| Do you believe the only choice consumers should have is
| whether to buy a product or not? They shouldn't advocate
| for consumer-protection legislation? They shouldn't even
| complain about anti-consumer practices, judging by how
| much my complaints bother you?
| hfktifjrn wrote:
| What bothers me is the constant hypocrisy of HN.
|
| Encryption is good, private companies should be allowed
| to use encryption however they want, but them using
| encryption for DRM or SecureBoot is bad.
|
| The market is right, except when it chooses DRM products
| or big slim smartphones with unchangeable battery and no
| headphone jack. Then it's bad.
|
| What's the consumer damage done by Netflix having DRM?
| Where are the damaged consumers hiding?
|
| BTW, circumventing encryption used in Signal is also
| illegal.
| ryukafalz wrote:
| Personally, though I don't like DRM, I don't think we can
| ban it generally (though I could probably think of a few
| more specific cases where we should). I would like
| breaking DRM to not be a felony, though.
| alisonkisk wrote:
| DRM enables consenting relationships between content
| creators and consumers. There's no need for you to
| interfere other people's relationships.
| flyinghamster wrote:
| For values of "consent" that amount to "we can do
| whatever we damn well please to you, take it or leave
| it."
| rbecker wrote:
| So when media and technology conglomerates conspire to
| include unasked-for, unadvertised DRM on consumer
| devices, that's "consenting relationships".
|
| When I point out consumers are harmed by this, that's
| "interference".
| penteract wrote:
| They may mean that it stops 99% of people.
| yamrzou wrote:
| Anyone else noticed that you can't take screenshots on Android
| when using Chrome Incognito mode? "Can't take screenshot due to
| security policy". I don't understand the rationale behind it. Why
| can't I take a screenshot of my _own_ phone?
| dredmorbius wrote:
| I've long noted this.
|
| Seems to affect both Incognito and standard mode.
|
| The screenshot disabling is an absolutely massive strike
| against Android and Google.
| Dahoon wrote:
| It works just fine in standard mode.
| Polylactic_acid wrote:
| Because we are in the age of treating the user as the untrusted
| party. I have noticed some instant messaging apps (telegram)
| use this feature.
| darksaints wrote:
| Personally I appreciate it, because for some odd reason my
| phone manufacturer placed the screenshot button combo in a
| weird location that I naturally grab when switching from
| vertical to horizontal, and so I'm always taking accidental
| screenshots. And if I'm doing something worth being in
| incognito for, I don't want any accidental screenshots,
| especially being backed up on Google photos.
|
| Though it would probably be nice if it asked you to confirm
| with a thumbprint, thereby allowing you to bypass the security.
| jtvjan wrote:
| It's to stop a preview from showing up in the recents screen.
| Try loading a page in incognito mode and then pressing the
| overview button. Notice that you just see a grey square instead
| of the page you loaded.
| phendrenad2 wrote:
| Why would app preview be conflated with whether the user can
| take a screenshot? Can't those be two separate options?
| Farbklex wrote:
| They should be but on android, it's bot handled by the same
| setting.
|
| So as an app developer I can either set the `FLAG_SECURE`
| to hide both or I need to create own workarounds like
| navigating to the root view element and setting it to
| invisible whenever the app is paused just to hide it from
| the recent apps.
| unethical_ban wrote:
| That is what is so nuts about this comment thread. People
| assume this is some illogical or nefarious decision by Google.
| Usually, these things are privacy related, or to prevent
| nefarious apps from capturing data without your permission.
|
| Perhaps "Screen capture" should be in the permissions API
| instead of blocking it...
|
| But for all the people complaining here, is there a legitimate
| app with this function that you use on a daily basis?
| Spivak wrote:
| Signal and most banking apps have it.
|
| The feature isn't literally supposed to prevent you from
| recording the screen, but it's enough of an
| annoyance/deterrent that people don't. The goal is to prevent
| people from having sensitive information sitting in their
| camera roll by accident and send a unambiguous signal to the
| user that you shouldn't be screenshoting it.
|
| It's the same feature Gmail enterprise offers that "blocks
| downloading and forwarding." Like of course literally it
| doesn't and can't possibly prevent someone motivated but it
| drastically reduces the chance of someone leaking
| confidential information when they have to go through a bunch
| of kludgy steps.
| maxerickson wrote:
| Maybe "Incognito mode doesn't persist any information" vs
| "Incognito mode doesn't silently persist any information"?
|
| The latter has more opportunity for confusion. Just a guess, I
| don't know what the rationale is.
| zozbot234 wrote:
| Both Chrome and Firefox disable screenshots in private mode. I
| assume that this helps defend against 3rd-party programs
| running in the background that might save screenshots
| unbeknowst of the user.
| jkcxn wrote:
| Are third party programs allowed to save screenshots
| unbeknown to the user in the first place??
| vorticalbox wrote:
| If the user gave it the permission too when they installed
| it yes.
| jakub_g wrote:
| In older Androids it was too easy for the app to get the
| permission to capture/record the screen without clear user
| consent. In newer Androids you need to ask permission at
| runtime.
| phendrenad2 wrote:
| So Chrome and Firefox should check if they're on a new or
| old Android.
| jakub_g wrote:
| It's only a part of the issue. The other part is that a
| "launcher" app shows miniatures of apps when you scroll
| through open apps, and this behavior is controlled by the
| same screen capturing permission. When you enable
| screenshots, you also enable previews in the launcher app
| when switching between apps, in some cases it might be
| not desirable.
|
| There's probably some more nuances that I'm not aware of.
| ffpip wrote:
| To prevent accidental screenshots of you watching porn?
| dalu wrote:
| Since when does Google allow you to watch porn? They do
| everything to fight it. You can't even install legit porn
| apps without manually downloading the apk. And then it only
| works on your phone and tablet, not the TV where it would
| actually be desired to work. Also what right does Google have
| to tell me what I can and can't watch on my TV/device?
| phendrenad2 wrote:
| iOS too. Porn apps are expressly forbidden.
| ffpip wrote:
| > Since when does Google allow you to watch porn?
|
| Porn is not allowed in the app store. They cannot regulate
| porn videos (child porn might slip through) and the
| headline next day would be ''Google allows child porn apps
| on the play store''
| zrobotics wrote:
| Huhh? I mean, I wouldn't trust any porn site with app
| permissions, but how does that logic even make sense? The
| inevitable conclusion would be that Chrome should be
| banned as well, since I'm sure there's some sketchy
| corner of the internet with that crap available.
| ffpip wrote:
| > Chrome should be banned as well, since I'm sure there's
| some sketchy corner of the internet with that crap
| available.
|
| Do you know the difference between a open browser and a
| app store meant to distribute apps?
|
| Chrome is not responsible for the website's content. But
| the app store will be help responsible for an app's
| content.
| zrobotics wrote:
| Maybe I'm obtuse, but I don't really see the difference
| between downloading Firefox from the play store or
| downloading a porn app. In either case, I downloaded an
| app from Google's servers that allows me to view
| objectionable content.
|
| If the objection is that Google doesn't want to provide
| an app that can be used to access illegal content, then
| why provide a browser? I would think that there is less
| of a chance of finding child porn on a major porn site
| app than what would be avaliable via a browser.
|
| The only difference I can think of is that a browser has
| other functionality besides adult content.
| Dahoon wrote:
| I'm sure you are aware that Chrome doesn't host the
| internet and didn't think this through.
| SquareWheel wrote:
| >They do everything to fight it.
|
| Not hosting something on their store doesn't mean they're
| trying to fight it. You're free to install whatever app you
| want outside of their store. Or just use the browser like
| everybody else.
| jakub_g wrote:
| Relevant crbug: https://crbug.com/985245
|
| If you use Chrome Canary you can now enable a feature flag
| under this URL: chrome://flags#incognito-
| screenshot
|
| Firefox has a setting in settings > privacy to enable incognito
| screenshots.
| matsemann wrote:
| I can understand the rationale somewhat, but annoying since I
| often use it for testing during work and it makes it hard to
| screenshot bugs.
|
| Another pet-peeve is banking apps doing the same. I understand
| they don't want stuff to show up in the app switcher and stuff,
| but it's annoying when I have to screenshot some expense or
| numbers to send to others.
| mensetmanusman wrote:
| iOS Screen recording does not work with digital rights controlled
| content.
|
| I wont be surprised if iOS screenshots are eventually also
| altered/prevented in the future using similar levels of control.
| Razengan wrote:
| At least Apple has not done anything as user-hostile as this,
| yet.
|
| On iOS the balance of control is still in the user's favor, not
| the apps', and increasing with every release (like discrete
| permissions, limited location sharing, being able to choose which
| photos each app can see).
| shawnz wrote:
| The balance of control is in the users favour on iOS even
| though it doesn't allow such basic affordances as sideloading
| apps?
| ericmay wrote:
| Side loading apps is not in the user's favor though. The
| iPhone is purchased explicitly to avoid that.
| shawnz wrote:
| By what rationale can you say that blocking sideloading is
| good for the user but not blocking screenshots?
| ericmay wrote:
| Because it deleverages Apple's ability to negotiate for
| users against developers as a collective bargaining
| agent. You can jailbreak your iPhone or get an Android
| one if you want.
| shawnz wrote:
| And blocking screenshots gives Google the ability to
| negotiate for users against developers who might
| otherwise not value the privacy of the user's screen
| contents... so what's the difference? You can get an
| iPhone if you want unrestricted screen access by apps.
|
| > You can jailbreak your iPhone
|
| And defeat all the security of the platform? No thanks.
| Plus, that relies on exploits being available (which I
| would hope for my own sake that they are not).
| ericmay wrote:
| That's not the same thing at all lol.
|
| And iPhone doesn't give apps unrestricted screen access.
| shawnz wrote:
| You don't see it as the same because you have different
| expectations/needs. I don't see Apple's control of the
| app store as being a value-add for me, so to me that is
| user-hostile. Meanwhile I do think it's important that
| apps can't arbitrarily look at my screen contents.
| ericmay wrote:
| > I don't see Apple's control of the app store as being a
| value-add for me, so to me that is user-hostile.
|
| Sure, I think the exact opposite is the case. Fortunately
| so far Apple has been on my side here. When that changes,
| I'll have to reevaluate the utility of the iPhone.
|
| > Meanwhile I do think it's important that apps can't
| arbitrarily look at my screen contents
|
| Hmm. Do you have any resources I could read to understand
| how iOS apps are able to arbitrarily read my screen
| contents? Thanks.
| gst wrote:
| One benefit of blocking sideloading is that it prevents
| people who have brief access to your phone (border
| agents, police, etc.) from installing spyware apps on the
| phone. On iOS those people can extract your data as local
| backup, but they won't be able to install any unapproved
| apps that run in the background and that monitor you. On
| Android it's trivial to install spyware apps via
| sideloading and regular users most likely aren't able to
| detect or uninstall them.
| shawnz wrote:
| Right, and so on platforms where sideloading is allowed
| doesn't it make sense to restrict the ways in which apps
| might be able to see the screen contents of other apps,
| for the benefit of the user?
|
| It's the same justification in both cases: ensuring the
| user's data stays private. I would prefer no screenshots
| over no sideloading if those are the only options.
| ericmay wrote:
| Sure, but iOS users such as myself prefer no side
| loading, primarily because I see no reason to side load
| any applications.
| pessimizer wrote:
| > The iPhone is purchased explicitly to avoid that.
|
| This is untrue. Not a single person purchased an iPhone in
| order to prevent themselves from loading apps.
| snazz wrote:
| I'm sure that plenty of people have purchased iPhones for
| their older parents to decrease the odds that they
| install malware.
| Razengan wrote:
| It's not a basic affordance if millions of people don't give
| a fuck about it.
| [deleted]
| EvilEy3 wrote:
| How is that user-hostile?
| Razengan wrote:
| See all the other comments on this page.
| Pingu1999 wrote:
| hola
| Fiveplus wrote:
| >Removing the ".nomedia" file from my snapshot folder solved the
| issue. Not sure whether I created the file or not, but apparently
| excluding it from the library breaks snapshots. Hope this helps!
|
| That seems like it.
| seaish wrote:
| Had to look it up, but the purpose of .nomedia is to tell apps
| not to scan that directory for content. It's basically a
| suggestion, but say you have a dir with a bunch of cached web
| assets; it would be useful to drop a .nomedia file in there. So
| really this seems like a bug in the screenshot tool for being
| too strict (it isn't supposed to prevent writing, only
| reading). Like the screenshot tool tries to create the dir when
| it already exists (but can't be seen), fails, and gives the
| wrong error message.
| JosephRedfern wrote:
| Fun fact: 5/6 years ago, a bunch of Huawei phones came with world
| readable /dev/fb0 (framebuffer) device files.
|
| This made it trivial for any application to read the display,
| totally bypassing any Android screenshot/screen recording API
| (not that one existed at the time). Some of those devices also
| had readable /dev/event/input* files, which allowed touchscreen
| interaction to be monitored.
| jbirer wrote:
| Sounds like a good backdoor with plausible deniability ("the
| dev forgot to restore permissions").
| tsar_bomba wrote:
| True in principle, while in the real world the devs didn't
| even inspect perms on those files or changed them
| deliberately to fix some access control issue without a
| second thought. Welcome to embedded software, where the
| product is ready when it passes the functional tests.
|
| In related news, I have seen at least two proprietary drivers
| which allowed userspace libraries to program the hardware
| without any kernel oversight, incuding things like DMA
| engines. Pointed it out to one vendor; "yeah, we guess it's
| not ideal, but you know, details of the hardware is our
| secret sauce and customers demand no binaries in the kernel
| because reasons, blah blah".
|
| I assume many of those embedded OpenGL implementations may
| work that way. Anyone with evidence to the contrary?
| rsynnott wrote:
| I think Hanlon's razor applies. This sort of shoddy work was
| pretty common in early Android phones, as companies with
| little software experience adapted to being OS vendors.
|
| Here's another similar in concept (though much worse) one
| from Samsung: https://nvd.nist.gov/vuln/detail/CVE-2012-6422
| exikyut wrote:
| > _The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU
| MX, and possibly other Android devices, when running an
| Exynos 4210 or 4412 processor, uses weak permissions (0666)
| for /dev/exynos-mem, which allows attackers to read or
| write arbitrary physical memory and gain privileges via a
| crafted application, as demonstrated by ExynosAbuse._
| Lucasoato wrote:
| This is absurd... Why are the apps alerted when the user is
| taking a screenshot? Why can they even block that action?
|
| How can people even change that since Android is directly
| controlled by Google?
| kllrnohj wrote:
| The app isn't alerted. Rather apps can indicate they have
| sensitive information via FLAG_SECURE. This is useful in
| preventing things like your bank account information from
| persisting in the recents snapshots.
|
| Why this blocks manual screenshots with no override though is
| bonkers insane. But likely a case of an incomplete feature than
| malice as it's not unreasonable to assume both entry points for
| screenshots hit the same internal path.
| Spivak wrote:
| > Why this blocks manual screenshots with no override though
| is bonkers insane
|
| Because they don't want sensitive information persisting in
| your camera roll.
| icegreentea2 wrote:
| The "least shitty" reason is to enable stuff like snapchat, and
| to bring some sense of ephemeralism to content.
| shawnz wrote:
| Presumably, apps could use the screenshot API to extract
| private information from other apps
| JosephRedfern wrote:
| You'd think that a user-initiated screenshot should be
| distinguishable from a API initiated one, though.
|
| In my experience, it mainly seems to be banking and messaging
| apps that monitor or block screenshot events.
| dsego wrote:
| @db48x > but how can the OS really know if its really the
| user initiating the action and not a malicious application?
|
| Isn't it sort of a responsibility of an "operating system"
| to know that stuff?
| shawnz wrote:
| If a user initiated screenshot was distinguishable from an
| API initiated one, then you could argue third party
| screenshotting apps aren't first class citizens on the
| platform
| WesolyKubeczek wrote:
| Okay, here's a question: why should third party
| screenshooting apps exist? What benefits do they offer
| over the stock functionality?
| Eli_P wrote:
| Accessibility utils like screen readers do OCR and read
| aloud the content for blind people.
| indymike wrote:
| Lots. Automatic watermarks. Automatic resizing. Different
| storage options, putting a phone frame around the
| screenshot, and lots of other things that are really user
| workflows. And that is the heart of the issue: when we
| restrict user workflows, we reduce the utility of the
| tool.
| WesolyKubeczek wrote:
| Then make it a generic image editor. What we have now is:
| an editor but for screenshots, an editor but for selfies,
| an editor but for cat photos, each with its own cloud
| storage which leaks (or spills) data once a year and
| which data is also being processed by the app owners in
| ways you'd be disgusted about.
|
| There's a screenshot functionality in the OS and there's
| a Share button which should work just as fine and be way
| more secure.
| indymike wrote:
| The shot->image-process->save->share cycle takes user
| time, and is an inconvenience that some people will even
| pay money to avoid. Since we're talking about
| screenshots, we're actually talking about typically,
| developers, tech writers and marketers who are automating
| their day-to-day workflow.
| WesolyKubeczek wrote:
| Shot - share to your fancy shmancy editor that puts a
| phone frame around it - put a frame around it - save
| somewhere.
|
| Here, simplified that for you.
|
| You can totally make an app that streamlines this and
| doesn't cast doubts on its privacy hygiene at the same
| time.
| maple3142 wrote:
| But third party app can be more flexible. For example, I
| used a app that can let you easily crop a part of screen,
| then you can edit, image search, share, OCR than
| translate and many things just in a pop-up.
| shawnz wrote:
| Consider for example an app that lets you set triggers
| based on different events, like a hardware button
| remapping app or an IFTTT-style service. Should the user
| be able to program such an app to take screenshots?
| adrianmonk wrote:
| Writing tutorials is a common use for screenshots.
| Suppose I want to write an app that makes it easier to
| create tutorials. It could have companion software on my
| desktop computer so that when I hit the enter key, it
| captures a screenshot and transfers it to the computer.
| This would eliminate tedious steps and streamline the
| process.
|
| It might seem like a niche application, but it seems
| there is tutorial creation software for other platforms
| already. It's probably pretty useful for people working
| in IT departments.
| WesolyKubeczek wrote:
| Does one already exist?
|
| If not, why? And what are all apps that use screenshot
| APIs doing? "Worse than stock but with some branding and
| ads?"
|
| Just looked at what iOS screenshot apps offer. Mostly,
| just what I wrote above: worse functionality but with
| branding.
| JosephRedfern wrote:
| Is that not reasonable?
| shawnz wrote:
| Anyone who uses one will probably be wondering why your
| preferred method of taking screenshots always works
| whereas theirs is sometimes blocked. The problem hasn't
| really been fixed for everyone that way.
| shakna wrote:
| Which can be worked around by the user being able to set
| their default and preferred screenshot app.
| db48x wrote:
| It's a weird problem. Some application running on the
| device must accept some user event, such as a key press,
| mouse click or touch event and turn that in to a request
| for a screenshot. This is true regardless of operating
| system. I agree that it should always be possible for a
| physically present user to take a screenshot and save it,
| but how can the OS really know if its really the user
| initiating the action and not a malicious application?
| _Microft wrote:
| This exists on the web.
|
| https://developer.mozilla.org/en-
| US/docs/Web/API/Event/isTru...
| shawnz wrote:
| Even if you can be sure that the event originated from a
| real user action, that doesn't tell you that the user did
| the action with the intention of taking a screenshot. For
| example, they could have been "clickjacked" into clicking
| the screenshot button.
| JosephRedfern wrote:
| The malicious application would have to be able to spoof
| user input, which would be an issue in itself.
| [deleted]
| pengstrom wrote:
| This seems simple enough to solve. Display a modal when
| screenshoting apps marked as "secure", requiring user
| intervention. If it appears without your input, simply
| dismiss it and block the screenshot. This allows users to
| screenshot when they want to.
| shawnz wrote:
| I like that solution. Although it doesn't solve the
| Snapchat use case, but maybe that is a good thing.
| floatingatoll wrote:
| Apps are alerted on iOS, too. Have been for years.
| bdcravens wrote:
| Yes, but fortunately the apps on iOS can't block an OS-level
| feature, only take action in their app
| floatingatoll wrote:
| https://screenshieldkit.com/ doesn't seem to agree, though
| I have no idea if they're still effective two years later.
| phendrenad2 wrote:
| This problem really reminds you that Android is Linux. Everything
| is a file, even the bugs.
| jaspergilley wrote:
| Well...Linux plus rootkit preventing you from doing what you
| want on a device you've paid for
| dannyw wrote:
| It's blocking you from taking screenshots today. It's blocking
| you from disabling location services tomorrow.
| lern_too_spel wrote:
| This is a bug with incorrect handling of the .nomedia file. iOS
| already doesn't allow you to disable location services. That is
| intended behavior.
| nexuist wrote:
| What are you talking about? You can easily disable location
| services on any Apple device.
| lern_too_spel wrote:
| But if you disable location services, you cannot get your
| location at all. This is unlike more privacy-respecting
| platforms like Android, which let you get your location
| from the GPS sensor without enabling location services.
|
| Suppose Apple occasionally sent "anonymized" screenshots
| back up to Apple as part of "screen services." You could
| say you could disable screen services by not turning on the
| display, and that is what disabling location services is
| like on Apple devices.
| kmeisthax wrote:
| That sounds like a bug on Android's part. If you disable
| something called "location services", then you would
| expect that the GPS sensor no longer works.
| lern_too_spel wrote:
| Why would you expect that? If you deny an app the
| location permission, you would expect that the app cannot
| use GPS, and that is exactly what happens on Android. If
| you want faster location information in return for
| sharing "anonymized" location information with Google,
| you can optionally turn on location services to do so.
| This is considered a big enough privacy invasion that
| Android devices with Google services ask the user about
| it on initial set up.
|
| On iOS, if you want to get your location at all via _any_
| app, even an app that keeps the locations it receives on
| the device, you automatically consent to having your
| location sent to Apple, and Apple doesn 't even tell the
| user that they're doing this unless they go out of their
| way to find the privacy policy.
| parksy wrote:
| That's when I throw my phone in the bin, really.
|
| Everyone acts like we're all subservient slaves but we all have
| our limits.
| swebs wrote:
| They already block you from disabling location services if you
| want to use bluetooth.
| unethical_ban wrote:
| How is this true? I can easily disable location in apps and
| in settings.
| Polylactic_acid wrote:
| Its slightly wrong. You can't allow an app to scan for
| bluetooth devices without giving it location permissions
| because bluetooth scanning can be used to detect precise
| location.
| jaspergilley wrote:
| Jesus, I had no idea. Remind me to never, ever switch to
| Android
| meibo wrote:
| This works exactly the same way on iOS or any device that
| supports Bluetooth low energy, since it allows very fine
| grained location detection. Try it yourself.
|
| This has caused some issues for covid apps since, to use
| BLE on Android, you need to request the location permission
| - which people were naturally afraid to do.
| eertami wrote:
| If this is truly a problem for you, your statement should
| be "Remind me to never, ever use Bluetooth". It is nothing
| to do with Android.
| toast0 wrote:
| My understanding is this is a little bit more nuanced.
|
| For an app to use bluetooth, it needs location permissions as
| well as bluetooth permissions. Reportedly, this is to prevent
| an app from using bluetooth beacons to determime your
| location without permission.
|
| Otoh, it sucks for bluetooth stem toys; you can't use them on
| an Amazon Fire tablet in a kid's profile, because location
| permissions are not allowed for kids' profiles.
| nexuist wrote:
| It should be noted that there are legitimate reasons for
| blocking screenshots; on corporate managed devices handling
| sensitive data e.g. files or PDFs for example. Obviously if the
| device is owned by the company then the company is well within
| its rights to control what functionality is available (just as
| a solo user is within their rights to control what the device
| is doing at all times). This is a bug where the device is
| somehow being tricked into thinking this functionality has been
| disabled by its owner, when in reality it has not been.
|
| There are also legitimate reasons for blocking the disabling of
| location services. If I have devices with proprietary
| applications or access to proprietary data sitting in a secured
| room, I want to make sure nobody can take that device out of
| the room, and if they do, the device should enter some sort of
| lockdown or sleep mode so as to prevent the leaking of
| sensitive information. This is a legitimate feature that would
| make sense to implement on commercial (not consumer) devices.
| That the OS ships with the ability to disable disabling
| location services is not an indictment on the OS - it is only
| an indictment if the OS does so without your permission.
| ssivark wrote:
| > there are legitimate reasons for blocking screenshots
|
| Couldn't someone anyways display the content on one screen
| and take a photograph with another device. For text content,
| the degradation of image quality doesn't even matter. Doesn't
| that make screenshot-blocking a pointless exercise?
| Upvoter33 wrote:
| just buy one more phone, you know, the one to take pictures of
| the other phone with. :)
| vaccinator wrote:
| First they block the sd card and now screenshots because they
| dont trust their app review process?
| vaccinator wrote:
| So much for a safe app store
| bigjimmyk3 wrote:
| This seems to be in the same vein as "you can't be allowed to
| record your call audio," I suppose because you might
| theoretically use that capability to break the law.
| ashtonian wrote:
| So effing stupid. Every company/ vendor has automatic call
| recording but the prescience is that I as an individual am too
| much of a child to take legal liability for recording..
| Infuriating. I pay for ring central just so I can record my
| calls. Even they want to give a warning prompt, had to
| customize the warning to be an empty message.
| Dahoon wrote:
| You clearly didn't even click the link. It's a bug report....
| heavyset_go wrote:
| Anti-trust action against Google and Apple for holding the mobile
| OS and app distribution market hostage for over a decade cannot
| come fast enough.
| Cantbekhan wrote:
| Alternatively on Android you can use Smali Patcher
| https://forum.xda-developers.com/apps/magisk/module-smali-pa...
| with a rooted Android. This program will generate a magisk module
| that will enable disabling the secure flag for the pesky apps
| disallowing screenshots. It will also allow you to enable mock
| locations. At your own risk.
| m4rtink wrote:
| Today they take away the ability to make screenshots - what will
| they take away next ? Being able to run your own scripts and
| binaries ??
|
| No! They already took that away in Android 10...
| https://github.com/termux/termux-packages/wiki/Termux-and-An...
| dvduval wrote:
| I will especially hate this when I'm trying to translate
| something. If I can't copy and paste text into a translate app,
| the next step would be to take a screenshot and then use OCR. Of
| course if I'm really determined there are ways to still do a
| translation. I can only imagine what sort of problem is mighy
| arise for someone with accessibility issues.
| flyinghamster wrote:
| What's exceptionally stupid is that all I have to do is point a
| camera at the screen. DRM for the fail, yet again.
| shawnz wrote:
| It's a security measure, not a DRM measure. The risk of
| pointing a camera at the screen is not the kind of attack which
| this is meant to prevent.
| neallindsay wrote:
| ...what kind of attack is this meant to prevent?
| crazygringo wrote:
| A bunch of comments here are assuming this is something
| intentional on Google's part.
|
| Simply from the error message alone, it's _obvious_ that this is
| a bug. As well as from how easy the workaround is.
|
| Google might do many things wrong intentionally, but I see zero
| evidence this is one of them. Just a bug, folks.
| mavidser wrote:
| Yeah, the comments seem to imply a case of 'commenting before
| reading the content' behavior to me.
| solinent wrote:
| > it's obvious that this is a bug
|
| If someone were to prevent screenshots intentionally, and I had
| mal intent, I would make my best effort to make it seem
| unintentional.
| snupples wrote:
| Yes. Yes. First assume malice. Then any wild explanation will
| do.
| arnaudsm wrote:
| This is a feature: FLAG_SECURE is real and used by many apps.
| i.e. Chrome's Incognito mode.
|
| Sure, you have workarounds for power-users, but Google is
| locking the Android ecosystem progressively for regular users.
| Just like the Manifest v3 for Chrome.
|
| Maybe Google is doing the "Embrace, extend, and extinguish"
| strategy that worked really well for Microsoft in the past.
| crazygringo wrote:
| Do you have any evidence for that?
|
| The thread is about behavior caused by a presumably erroneous
| ".nomedia" file residing in certain users' screenshot
| folders.
|
| The FLAG_SECURE feature doesn't appear to have anything to do
| with that. Two entirely separate things, unless you can show
| otherwise.
| arnaudsm wrote:
| The thread describes a bug indeed, but the feature really
| exists.
|
| Quoting the Android SDK reference : "FLAG_SECURE [...]
| Treat the content of the window as secure, preventing it
| from appearing in screenshots" [1] Try to screenshot while
| in Chrome's incognito, you'll see it in action.
|
| [1] https://developer.android.com/reference/android/view/Wi
| ndowM...
| umvi wrote:
| > "Taking screenshots isn't allowed by the app or your
| organization."
|
| To me that implies Android supports individual apps locking
| down your device so that you can't use certain features (like
| screenshots) while the app is open.
| m45t3r wrote:
| iOS and PS4 also does have this block if the developer wishes
| to do so (generally for "security" reasons).
| grenoire wrote:
| or for DRM reasons...
| Spivak wrote:
| Nah, the DRM on iPhones is much stronger than screenshot
| protection. When you're watching DRM protected media you
| can still take screenshots but the part of the screen
| that has the content will be blacked out. Basically all
| forms of reading pixels from DRM windows just return
| nothing.
| userbinator wrote:
| That's "hardware overlay", not exactly DRM (it's been
| there on PCs for a _very_ long time) but certainly leans
| in that direction.
| Polylactic_acid wrote:
| It works different, you can always screen record but apps
| can detect it and stop playing content while the screen
| is recording.
| machello13 wrote:
| I don't think iOS does have a way for apps to disallow
| screenshots. Do you have a source?
| roywiggins wrote:
| Android has had that as a feature for quite a while.
| kevincox wrote:
| For example Netflix uses it. Want to tell a friend how
| amazing this show is? Not on Netflix's watch!
| umvi wrote:
| Well if it does, I should have absolute power to disable
| it. My phone, my screenshots.
| Thomashuet wrote:
| This is meant for company provided phones. So it's not
| your phone, it's your company's phone.
| zachberger wrote:
| individual apps can prevent screenshots as well. My bank
| doesn't allow screenshots in it's app.
| simonh wrote:
| It does, many bank and commerce apps use it to prevent
| malware screen grabbing account and payment details.
| grawprog wrote:
| I'm a bit confused, reading through comments here, this seemed
| like some nefarious issue, reading the conversation thread in the
| op though it seems like an error with the .nomedia file in the
| folder that's fixed by either appending a second dot to the front
| of the file name or removing the file.
|
| I'm still unclear whether this was some intentional issue or an
| error.
|
| The fix seems easy enough, if a bit opaque and non-obvious.
|
| That thread's also from September, does this issue still exist?
| sdwolfz wrote:
| You can use scrcpy (https://github.com/Genymobile/scrcpy) to
| bypass the policy if you really need to have a screenshot. All
| you need is to have a Linux laptop at hand, debug mode enabled,
| and a USB cable plugged in. Super simple stuff right? (this is
| satire!)
|
| Now, I'm as frustrated as anybody else here that I'm forbidden to
| use whatever feature I want from MY phone, for which I paid, with
| MY MOENY (and nobody else's apart from mine). But then again,
| what choice do I have? Not buy a phone? Switch to what? There are
| no viable and practical alternatives. It's a "take it or leave
| it" situation.
| graham_paul wrote:
| Simplest way is to use another phone to take a screenshot
| anticristi wrote:
| I actually had to do that due to an app not having a feature
| to export a receipt and not allowing me to take a screenshot.
| Felt pretty brain-dead and dumb, if you ask me.
| reaperducer wrote:
| _Simplest way is to use another phone to take a screenshot_
|
| That's not a screenshot. That's a photograph.
| kps wrote:
| This year, sure. Next year's phones will probably refuse to
| photograph copyrighted design elements. But that's OK because
| you can always use a film camera and develop it yourself and
| hand-deliver a print.
| alufers wrote:
| AFAIK this does not work with apps which have purposefully
| disabled screenshots, the Android UI is visible on scrcpy but
| the contents of the app appear black.
|
| What is interesting is that Android appears to be rendering
| every frame two times, because when I scroll down the
| notification drawer, which contains some semi-transparent
| elements under which you can see the restricted contents on the
| screen of the phone, but on scrcpy the transparent elements
| have black under them.
|
| The same thing happened when I wanted to use my Android TV as a
| poor man's HDMI grabber.
| sdwolfz wrote:
| I've tried it with the Tesco Clubcard app which has
| screenshots disabled. Also tried it out with some "Charles
| Schwab" app somebody else said they had problems in a reply
| here, scrcpy can record the screen perfectly.
|
| EDIT: also tried recording a youtube video in firefox private
| mode, worked, but without the sound.
| gen_greyface wrote:
| scrcpy works with mac os too, iirc
| BuildTheRobots wrote:
| and windows as well...
| dghughes wrote:
| > Now, I'm as frustrated as anybody else here that I'm
| forbidden to use whatever feature I want from MY phone, for
| which I paid, with MY MOENY
|
| Samsung disabled the oxygen sensor (SPO2) on their phones for
| Canada. For other countries they moved access for the SPO2
| feature further into the Samsung Health app. But for Canada
| SPO2 sensor access is gone not accessible.
|
| No warning (probably buried in an email) just one day my SPO2
| sensor stopped working. I suppose it was due to some legal
| thing but it certainly pissed me off. I'm never buying Samsung
| again why blow $1000 on a phone only to have physical hardware
| disabled?
| artificial wrote:
| If you're geeking out on health data, would you entertain an
| Apple Watch? It features an O2 sensor which to my knowledge
| hasn't been neutered. Do you think it's a patent issue? I
| recall Apple modifying the active noise cancellation in the
| AirPods Pro.
| nojs wrote:
| Apple does the same thing with the ECG feature - it's
| frustratingly disabled on my Apple Watch for regulatory
| reasons based on region.
| wlesieutre wrote:
| They tell you up front though, as far as I know they've
| never sold a health sensor into a country and then
| disabled it later, which is what it sounds like parent
| comment is describing
| Polylactic_acid wrote:
| Thats because of legal reasons. ECG is a medical feature
| that most countries require meets medical accuracy
| standards which it likely does not in many countries.
| runamok wrote:
| Maybe some kind of patent infringement settlement in that
| area? Or liability? A specific region feels like an ip or
| legal issue...
|
| I see this thread below and there is a phone number you could
| call to get answers. I believe there are legit sites with
| older versions of apks you might try as a test.
|
| https://us.community.samsung.com/t5/Samsung-Apps-and-
| Service...
| grishka wrote:
| > But then again, what choice do I have?
|
| Unlock the bootloader, install Xposed and this module:
| https://repo.xposed.info/module/fi.veetipaananen.android.dis...
| sdwolfz wrote:
| Won't unlocking the bootloader make banking apps not work
| anymore? Had this issue when I tried LineageOS on my old
| phone, and I really like the convenience of those apps as
| opposed to using the website, which is extremely bad.
|
| Also, how do I do all you said above? (I need a step by step
| tutorial). Also is it reversible? Are there any other
| security implications?
| swiley wrote:
| >make banking apps not work anymore
|
| If you live in a country where you _have_ to use your phone
| for banking and can 't use the web then you need to talk to
| your politicians. That seems like a pretty extreme
| violation of your freedom.
|
| As much as I dislike the US at least we don't have _that._
| Jonnax wrote:
| Violation of someone's freedom is a pretty silly stance,
| when there's plenty of banks to choose from.
| jlokier wrote:
| Some banks and bank-like products only make themselves
| available by mobile app. It's a commercial decision, and
| seems to have been a trend with some "challenger" banks.
|
| I have two of those, and I chose them because of unique
| banking features (not the mobile app) not offered by
| other banks which I found valuable. It's nothing to do
| with the country.
|
| To be honest it would be nice to have web access as well
| (or even phone banking), but we take what we can get.
| berdario wrote:
| I recently opened 3 bank accounts.
|
| It's not only the challenger banks: nowadays banks will
| also encourage you to use their app for 2FA. You can use
| a proprietary token instead, but you'd have to pay for it
| (the app instead is free). 2FA sms is not supported with
| some banks (and that's good).
|
| I think the UK is an exception, since for 2 of the banks
| I had accounts with, they just used a 2nd "memorable"
| password as "2FA" (avoiding the requirement of a
| smartphone)
| toastal wrote:
| In Thailand the bank I have, Kasikorn, charges for ATM
| usage outside of the registered province even from the
| same network... UNLESS you use their cardless withdraw
| that uses some QR code for TOTP that requires the app
| (that will attempt to block phones with root access). You
| can use the website as well for some things, but it
| requires SMS-based OTP with no supported alternatives.
|
| I'd switch banks or at least branches to this new
| province, but my current visa won't allow it (and for
| whatever reason, you cannot transfer accounts but need to
| open a new one).
| kevin_thibedeau wrote:
| It's never safe to bank from a computer you can't
| control. I would always consider a phone to be
| compromised. These are the richest targets going for
| exploits so why risk it.
| yiyus wrote:
| In which kind of bubble do you live where not making web
| apps available for your clients is seen as an extreme
| violation of freedom? As long as it is possible to go to
| the bank to do whatever you need to do, I do not think
| politicians have anything to say.
|
| Sometimes you don't have to, but it's much more
| convenient. For example, I can use my bank app just with
| my fingerprint. To use the web app, I either have to
| login with my phone (reading a QR code) or have to use
| one of those devices where you insert your card and enter
| a couple of codes (if I find it...).
| m4rtink wrote:
| Dictating what you can use on a device you own or else
| they won't do business with you is rude & clear violation
| of one's freedom.
| yiyus wrote:
| If some bank tells me I have to use certain app to make
| business with them, it's my choice to do it or not, but
| they are not violating my freedom. And I find saying this
| is an "extreme violation of your freedom" insulting for
| those who are actually seeing their freedom violated.
| sdwolfz wrote:
| I live in the UK and have used 5 banking apps so far (not
| all of them at the same time):
|
| - Barclays (App won't work with LineageOS, website is
| horrible).
|
| - Monzo (App only, no website, works with LineageOS).
|
| - Revolut (App only, no website, works with LineageOS).
|
| - TransferWise (Web and App, both work well, but never
| tried it on LineageOS).
|
| - ING Home Bank (App won't work with LineageOS, website
| is manageable, but still a pain compared to the app).
|
| Of course I don't _have_ to use any of these, but there
| are clear advantages to using any of them, depending on
| the situation (you wouldn 't take a mortgage from
| TransferWise, split bills with Barclays, and hold foreign
| currency in Monzo, mainly because they don't support
| that). Also you don't _have_ to use a phone, just walk
| around without one, make people email you instead of
| calling, and ask people for directions instead of looking
| at a GPS map.
|
| My point is, I paid for my phone (me alone, nobody else
| chipped in) so I want to use every feature it provides
| without restrictions, as it is my property. That goes for
| both taking screenshots and using apps. And when it's not
| possible, I look for alternatives. Right now none are
| practical, nor feasible, so all I got left are tricks
| like scrcpy and rants on forums ;).
| [deleted]
| thederek512 wrote:
| Monzo have a pretty comprehensive API that you can build
| your own web based interface around if you wish. If you
| look on github a ton of people have done that, all you
| need to do is clone the repo, plop in your Monzo api key
| and the jobs a goodun.
| fyfy18 wrote:
| Are there any banks that provide EUR accounts that do the
| same (Monzo is GBP only)?
| calcifer wrote:
| Yes, Starling.
| loriverkutya wrote:
| Both Monzo and Revolut have website access.
| sdwolfz wrote:
| No, unfortunately this is wrong.
|
| Monzo only seems to have and login for their business
| accounts. For personal accounts it's still phone only.
| And business accounts are a recent addition.
|
| Revolut has login now, but you can't do anything there,
| except viewing your balance and blocking your card. And
| this is a new thing, maybe and beta version, otherwise
| they would have officially announced it somewhere, like
| in the bragging emails they like to send from time to
| time.
| zrobotics wrote:
| Question: if there's no website, how TF are you supposed
| to use Monzo or Revolut from a proper computer? Is there
| really no way to do something simple like xfer money or
| view balance without using your phone? If so, why did you
| even open an account, I'm assuming that since you are on
| this site you are at least a little bit technically
| inclined.
|
| Just looked, and apparently Revolut is 1) app only 2)
| tied to a mobile number. So not only is it annoying to
| use, but likely also susceptible to sim jacking. Again,
| why would anyone want to use this; I hate having to deal
| with wells fargo (they bought a loan I have) but even
| they seem less crappy. Not trying to hate on OP, I'm just
| shocked at how crap their service appears to be.
| literallycancer wrote:
| Revolut app doesn't break itself just because the phone
| is rooted though. It's mostly the dinosaur banks trying
| to do your thinking for you.
| sdwolfz wrote:
| > Question: if there's no website, how TF are you
| supposed to use Monzo or Revolut from a proper computer?
|
| You can't. That's why you don't use them for serious
| work.
|
| > why did you even open an account
|
| Different use cases, different circumstances. I don't
| depend on them but they give good exchange rates and zero
| fees when transferring or spending money abroad. It's the
| "it just works" and "fast and cheap" effect that the
| traditional banks don't have. And opening an account is
| done online, and you get access to your account in hours,
| compared to Barclays which took 2 months of ping pong,
| when I first moved into the UK (since I did not have a
| bill issued in my name at my UK address I could not open
| an account, so I could not pay my landlord rent so I
| could get an address to open an account, fun times).
| Without that Monzo account I could have not been paid in
| my first 2 months.
|
| But if you want to know how crap Revolut really is, try
| contacting their support to report a bug in their app,
| they don't have an email, but instead ask you to get in
| touch with them on Facebook.
| zrobotics wrote:
| Oh wow, that's even worse than I thought. Thanks for the
| explanation, that does make sense. I wonder if they could
| get in trouble for AML, or possibly Barclay's is just
| being overly picky with who they want as customers.
|
| But seriously, not even a support email? Good God, I
| would trust PayPal with my money more than that; but I
| suppose they needed to hit all the fintech bingo
| buzzwords.
| sdwolfz wrote:
| They have to do a KYC (know your client) check, which I
| assume they do a credit check on you, probably via
| Experian or another one of these. You also send a picture
| of your ID, and record a video of yourself saying "Hello,
| I'm $NAME and I want to open an account with $COMPANY".
|
| The Barclay's part is just an old practice. How I ended
| up doing it after two months was by having a letter from
| my employer stating that I'm registered with them at a
| particular address. But what I learned from somebody else
| that went through this, after those two months, is that
| they could have said my "home" address was the address
| the company is registered at instead. This is how they've
| used to do it with other people that have hit this
| problem, it just didn't occur to me to ask for something
| like this, and it didn't occur to them to suggest this
| either since they assumed I had everything in order
| (since I already submitted my Monzo account for salary
| payments).
| fulafel wrote:
| The how depends on the phone model, but there are step by
| step instructions available for many. Eg https://www.xda-
| developers.com/google-pixel-4-root-magisk/
|
| Also, if the phone has a vendor supported way of unlocking
| the bootloader, it will typically also trigger a wipe /
| factory reset (presumably because to keep DRM enforcers etc
| happy).
| Zak wrote:
| The factory reset is to prevent extracting data from
| stolen devices. It's obsolete if the device is encrypted.
| dheera wrote:
| > Won't unlocking the bootloader make banking apps not work
| anymore?
|
| Is it not possible to unlock the bootloader but modify the
| OS tell apps that the bootloader is locked no matter what?
| Can we do this with Xposed?
| ziml77 wrote:
| It's a cat-and-mouse game and unfortunately over the past
| handful of years it's been a losing battle for root
| hiding. It's why I gave up bothering with root despite
| having done it for nearly a decade.
| grishka wrote:
| > Won't unlocking the bootloader make banking apps not work
| anymore?
|
| Depends on how paranoid your bank is. There's this
| SafetyNet thing that checks for "system integrity". It's
| part of Google Services. _For now_ , it's possible to
| bypass these checks using Magisk, but I've read that Google
| is testing the new method involving TrustZone -- a hardware
| trusted execution environment within the SoC where you
| aren't one of the trusted parties.
|
| > Also, how do I do all you said above? (I need a step by
| step tutorial).
|
| There should be plenty on xda-developers.com
|
| > Also is it reversible?
|
| On Google devices, yes, completely. You can reflash the
| factory images that Google provides and relock the
| bootloader. On others... it varies, on Samsung especially.
|
| > Are there any other security implications?
|
| If you leave the bootloader unlocked, anyone with physical
| access to your device will be able to reboot it into the
| bootloader and load arbitrary code with OS kernel
| privileges. From there they'll be able to modify the
| installed system. They won't be able to read the /data
| partition [right away] because it's encrypted with your
| password/pattern.
|
| IMO it's really a shame you can't re-lock the bootloader
| with your own signing key.
| opencl wrote:
| You _can_ re-lock the bootloader with your own signing
| key on Pixels. GrapheneOS seems to be the only third
| party ROM currently taking advantage of it.
| grishka wrote:
| TIL about `fastboot flash avb_custom_key`. Certainly
| better than nothing, but seeing how it shows a warning on
| each boot in this mode, it most probably trips SafetyNet
| as well.
| 0xdeadb00f wrote:
| There is another called Replicant IIRC.
|
| But it requires you to set up your own build + signing
| server in AWS.
| neurostimulant wrote:
| Your mileage might vary, but I'm using 4 banking app (one
| of them even disallow taking screenshot in Android 10) but
| they are working on custom rom (lineageos) with unlocked
| bootloader as long as I don't install root.
| dastx wrote:
| In case you want to root, you can use magisk hide to
| prevent banking apps from knowing you've rooted.
| mindslight wrote:
| The worst I've found is a few apps that complain and push a
| bullshit scare story at you ("your device is insecure" LOL.
| My house is technically less secure because I have a key to
| it, too). Bank accounts are commodities and most banks have
| no monthly fees with no minimum balances. The easy answer
| is to choose banks based on who _doesn 't_ engage in user-
| hostile shenanigans (see also: snake oil "2FA"). Moving
| between accounts over the course of a few months is quite
| easy, especially if you do not write checks.
| dheera wrote:
| Does Xposed support Android 11 yet?
|
| Can anyone vouch for this Xposed alternative that seems to be
| more on top of Android releases than Xposed, but also seems
| closed source?
|
| https://taichi.cool/
| jimlikeslimes wrote:
| Google's play store requires screen grabs of payment screens
| when submitting. They recommend you photograph the phone with
| a separate device...
| BlueTemplar wrote:
| :facepalm:
| distances wrote:
| Maybe you could run the app in an emulator and take
| screenshots on the host computer?
| [deleted]
| zrobotics wrote:
| Sadly reminds me of the very early days of online video,
| where speed runners would video their televisions because
| screen capture devices were terribly expensive.
|
| What's old is new again?
| reaperducer wrote:
| _What 's old is new again?_
|
| I'm not so sure. Back in my Windows days (95? 98, maybe?)
| if I played a DVD on my computer, the window that the
| video was playing in would be black if I took a
| screenshot.
| toast0 wrote:
| A lot of early computer DVD playing was using hardware
| accelerated decode, with the resulting images bypassing
| the framebuffer. That means it won't show up on your
| screenshots, but it wasn't necessarily detecting a a
| screenshot and blanking the output (although, once
| software decoding was feasible, that may also have
| happened).
| eznzt wrote:
| I remember this. I also remember the colour of the video
| window was something like 030303 and if you had that
| colour on any other window (including your wallpaper) you
| would see the video there as well.
| vagrantJin wrote:
| All those highly paid, highly educated people really and
| truly believe this to be a solution?
| sbarre wrote:
| They absolutely do not, but this is the bullshit they
| choose to hide behind.
| jimlikeslimes wrote:
| Sorry, it was the Google Pay verification not play store.
| I did it a few weeks ago, might have misread it but
| pretty sure that's what they wanted.
| exikyut wrote:
| Yes. Taking a photo with a separate device is reasonable
| evidence you're not breaking secure boot et al.
|
| If I understand correctly.
| yholio wrote:
| It's as if the last 30 years of technical evolution never
| happened and we are back at faxing signed forms and for
| extra security and applying triple rot-13 to guarantee no
| unauthorized access.
| darepublic wrote:
| Yeah the big tech companies want to destroy the ecosystem
| of opportunity they benefited from, in order to protect
| their power. If it means a world with more needless
| bullshit for everyone, so be it
| warent wrote:
| that can't be true because nothing would stop them from
| taking a screencap and then photoshopping it over a
| different picture
| inquirerofsorts wrote:
| > Unlock the bootloader
|
| A dangerous game on anything other than Xiaomi phones these
| days, the only company to provide official bootloader unlock
| software, but yeah otherwise, go download it from some shady
| website and not have a care in the world about the most
| sensitive device you own.
|
| > install Xposed
|
| Last updated 2014 :\
|
| You'd be safer shooting heroin into your eyeballs than
| installing Android root software from 6 years ago.
|
| How on Earth is this advice allowed here?
| inquirerofsorts wrote:
| Prove me wrong anytime folks, I'm sure you can at least
| flail around and try, or at least mash the squeal button
| that you all like so much.
|
| How exactly do you unlock bootloaders from modern phones
| (past 2 years)? You get jailbreaks from the internet and
| sideload them right? Do you disassemble the binary code?
| Does it void your warranty? Which mobile device
| manufacturers offer official bootloader unlocks today?
| There's only one I know of.
|
| Did i happen to mention the big bad China company in a good
| light to warrant such disdain for my _as yet undisputed_
| comment? Is that the problem here?
|
| [:)] https://repo.xposed.info/module-overview
| pmontra wrote:
| My Samsung A40 from 2019 has an unlock bootloader option
| in the Developer Options. I didn't check what it does
| neither I googled it but it's promising.
| BenjiWiebe wrote:
| The presence of the "Allow OEM bootloader unlock" is NOT
| an indication that the bootloader is unlockable, sadly.
| j16sdiz wrote:
| Most samsung phone are unlockable. But it have a e-fuse
| to prevent you re-locking it
| kclay wrote:
| You install adb from Google and run one command. That's
| how you unlock a bootloader.
|
| As for root, yes you have to install something which is
| Magisk which is open source and vetted and had been
| around for around 5+ years.
|
| My wife that has never done it just did it for her new
| pixel 4a a few weeks ago. All I did was direct her to a
| step my step tutorial (I vetted the tutorial) and she did
| it flawlessly.
| detaro wrote:
| Motorola also has official bootloader unlocking.
| ranger207 wrote:
| Xposed has been replaced by EdXposed
| literallycancer wrote:
| There are definitely more manufacturers that provide an
| official way to unlock. For some others you have to remove
| the backplate and short some pins or whatever. These days
| it's probably more convenient to just use one of those root
| boxes though.
| hobby-coder-guy wrote:
| > with MY MOENY (and nobody else's apart from mine).
|
| Is this satire?
| foxhop wrote:
| I wanted to screenshot my Charles schwab app the other day and
| got blocked... was so mad but never found a way to do it.
| Samsung Note 20 Ultra.
| sdwolfz wrote:
| Just tried scrcpy out with that app, I can definitely record
| the screen, on a Note 9.
| simonh wrote:
| It's probably to prevent malware from screenshot grabbing
| account and payment details.
| crehn wrote:
| Is there any situation on iOS where a screenshot cannot be
| taken? (serious question)
| S_A_P wrote:
| Netflix(and I suspect anything displaying streaming media) is
| one for sure. The screen record only displays a black screen,
| but you can capture audio...
| l3s2d wrote:
| Yes, try taking a screenshot of DRM protected content
| (Netflix, Hulu, etc.). The content will be blacked out.
|
| That said, because of how DRM works, I doubt the video data
| is available to any userspace applications.
| 1vuio0pswjnm7 wrote:
| The upgrades being provided are for the purpose of maximising
| the value to you of what you paid for with your money (and
| nobody else's).
|
| It is not like the company is making ongoing changes that
| benefit the company's business at your expense.
|
| (This is satire.)
|
| In some cases, life is easier when you decide "I do not have a
| choice". This allows complaining to be substituted for having
| to make hard choices and taking responsibility for the
| consequences.
| andybak wrote:
| > bypass the policy
|
| Bypass what policy? The post seems to be about a bug when you
| use .nomedia in the snapshots directory.
| sdwolfz wrote:
| The security policy that prevents you from taking
| screenshots. Bug or intended, it's the same functionality.
| andybak wrote:
| Any idea when it actually applies? Have you seen it in the
| wild? I don't recall having that message appear
| legitimately at any point but I guess it might be for
| corporate phones.
|
| Any Android devs know if it's something that any arbitrary
| app can turn on?
| sdwolfz wrote:
| Try the Tesco Clubcard app. On taking a screenshot you
| will get a toast saying: "Can't take screenshot due to
| security policy".
|
| This is what I'm referring to in my post above.
| andybak wrote:
| Like "disable right click" on websites I really struggle
| to see how this is useful to Tesco in any way. It's
| trivial to bypass.
|
| What's their threat model here?
| crummy wrote:
| I don't know about Tesco but I believe it's common on
| bank apps to prevent malware from screen grabbing your
| details when your bank app is open.
| anonymou2 wrote:
| Sorry but it is not really your phone if it runs proprietary
| software. It is like in medieval times, you didn't own the
| means of production. Welcome your new digital overlords!!
| reaperducer wrote:
| _Sorry but it is not really your phone if it runs proprietary
| software_
|
| There isn't a mobile phone on the planet that doesn't run
| proprietary software at some level.
| fsflover wrote:
| Strictly speaking you are right, but Librem 5 [0] is going
| to get Respects Your Freedom certification from the Free
| Software Foundation, which is a high bar. If it's not
| enough for you, see also: Precursor [1].
|
| [0] https://en.wikipedia.org/wiki/Librem_5
|
| [1] https://www.crowdsupply.com/sutajio-kosagi/precursor
| cogburnd02 wrote:
| FSF also supports Replicant which works with refurb'ed
| (older) phones now.
|
| I own a Galaxy S3 & intend to get Replicant running on
| it.
| fsflover wrote:
| All Android phones require proprietary blobs for many
| functions, even for booting. S3 with Replicant will have
| no Wi-fi, Bluetooth and so on:
| https://tehnoetic.com/tehnoetic-s3-phone-replicant.
| m4rtink wrote:
| Also PinePhone is much closer to the ideal on a practical
| level than Android/iOS phones.
| pengstrom wrote:
| Well, we don't own the means of production today either.
| chordalkeyboard wrote:
| You do if you own stock.
| ClumsyPilot wrote:
| And what can you do with it?
| chordalkeyboard wrote:
| You accrue the benefit of owning capital which is rents
| on capital in the form of dividends.
| smolder wrote:
| Owning a fragment isn't quite the same as owning the
| whole thing. Majority stock ownership would be close
| enough.
| chordalkeyboard wrote:
| Most people don't have the money to afford to own an
| entire factory, and if they did its still more secure for
| them to diversify by owning many pieces of many factories
| in different industries, that's why capitalists figured
| out how to commodify the means of production as stocks.
| Its not quite the same, its _better._
| smolder wrote:
| It's not strictly better, no. As a minority shareholder
| in Google I have effectively no power to make them stop
| ruining the internet. Majority control is what gets you
| something like full ownership, just with some other risks
| and benefits.
| chordalkeyboard wrote:
| Majority control requires a lot of wealth, you don't have
| majority control of Google because you don't have that
| much money. You have no reason to expect a person like
| yourself to be able to control the amount of capital
| assets that Google represents. Your access to the means
| of production is dependent on your ability to buy into
| them and stock allows you to do that in small increments.
| If it weren't for stock you still wouldn't have control
| over anything like Google.
| anonymou2 wrote:
| That was my point, we are no better than in medieval times.
| One can however run things like Replicant (I do) and I am
| aware of some better alternatives like linux phone,
| pinephone and librem5. I want to learn more about them
| before my old Replicant phone dies.
| supernova87a wrote:
| There is a kind of half-formed philosophy out there which
| believes we can get back to some false utopian small-
| collective agri-mercantile worker paradise.
|
| It doesn't exist, and never did. Learn how to adapt and make
| the most of the systems that exist now.
|
| I dare to say, if you even actually achieved those
| fantastical scenarios, the damper on economic and population
| prosperity would be such that you might not have been
| conceived to wish for it.
|
| It's a little extreme to let a mobile phone's operating
| system call for the revamp of our economic systems.
| cat199 wrote:
| > Learn how to adapt and make the most of the systems that
| exist now.
|
| if this were the attitude, the free software that android
| is built on wouldn't have existed in the first place...
| crehn wrote:
| They're mutually exclusive; I'm sure GP meant it in a
| pragmatic sense.
| anonymou2 wrote:
| Make the most that the owner of the proprietary OS allows
| you to. I am very thankful of all the people that have been
| writing free (as in freedom) software which allows us to
| have alternatives. I do not know about any small-collective
| agri-mercantile worker paradise, but I am so happy that I
| can still run Replicant and use things like Mutt+vim+gpg
| for email. Free software is now more important than ever.
| jtxx wrote:
| Linux phones!!! There's still a lot of dev work to be done but
| this is exactly why I'm on board with the pinephone. not a
| daily driver yet, but if you're a programmer looking for
| something to contribute to, go check it out
| reaperducer wrote:
| _There's still a lot of dev work to be done_
|
| An incomplete choice is not a choice.
|
| He wants to cross a bridge without paying a toll. Telling him
| that he can take a rickety bridge, an unsupported bridge,
| build his own bridge, or wait for a new bridge to be finished
| doesn't get him to the other side.
| hutzlibu wrote:
| He can continue to use the restricted bridge, but if he
| want to use the free bridge soon, he can support building
| that bridge, today.
| javert wrote:
| That's not helpful. Whereas the comment you are responding
| to is helpful (at least to some of us).
| LMYahooTFY wrote:
| You're right but I think you're missing the point. I read
| that as a call to action (this is HN), not a dismissal of a
| problem.
|
| They're saying we're not getting a solution from the
| corporate sector, so we need to build it.
| rendall wrote:
| I crossed that bridge when I came to it - trip trap! trip
| trap! trip trap! - and lo! I heard a voice: "Who is it what
| cross my bridge? I am very hungry, and I will eat you up!!"
| Shuddering in fear, I told the hungry troll "I am but a
| tiny me. You should eat my brother who comes along soon!"
| The greedy troll, let me go, and I watched from the bushes
| as the troll gobbled up my brother. I was sad, but then
| remembered that I am still alive, not eaten
| app4soft wrote:
| > _Linux phones!!!_
|
| Android phones > Linux phones!!![0]
|
| [0] https://www.makeuseof.com/tag/how-to-linux-on-android/
| squarefoot wrote:
| They're non native chroot jails that don't solve any of the
| problems addressed by the PinePhone or any similar _native_
| install.
| fsflover wrote:
| Or, if you're not a programmer and want to support GNU/Linux
| phones, consider Librem 5.
| secondcoming wrote:
| I'm looking at Nokia again for my next phone. Just need to wait
| for reviews to start.
| dheera wrote:
| Analog loophole. Worst case you could always carry a second
| phone and use it to do screenshots. Maybe we could make an app
| to calibrate and sharpen screenshots taken by a second phone to
| make them look as good as real digital screenshots.
|
| We really need to show it to 'em who is boss. My phone
| ultimately should listen to me, not Google.
| benlivengood wrote:
| Don't use apps. Aside from games and sensor integration they
| can rarely offer more than a web-based experience. Push for
| more safe hardware sensor integration in browsers.
| amelius wrote:
| Banks often have apps which are quite useful compared to
| their web-based counterparts. Of course, it doesn't need to
| be that way, but it's the way things work now.
| ForHackernews wrote:
| God no! The browser does not need to be an even bigger attack
| surface than it is today.
| Farbklex wrote:
| Scrcpy is also available for Windows and Mac.
|
| The link here states, that the screenshot settings were
| apparently broken due to a bug. So no bad intent from Google
| here.
|
| Besides that, apps can declare their content as sensitive and
| add the `FLAG_SECURE` to their activity which then hides the
| app content form "unsafe screens", the "recent apps" screen and
| screenshots. But this is a choice of the app developer instead
| of Google.
| Zak wrote:
| > _So no bad intent from Google here._
|
| Including a feature in the OS that allows apps to prohibit
| the user from capturing the output of their own screen _is_
| bad intent.
| sdwolfz wrote:
| Not denying what you said, but I'd want a way to ignore
| "FLAG_SECURE" as a setting, so when I really want to take a
| screenshot, I should be able to do it regardless of what the
| app vendor wants to impose.
| [deleted]
| alisonkisk wrote:
| You can choose not to download their app to your phone.
| sdwolfz wrote:
| This does not end up solving the issue though. An android
| setting toggle to "Disable screenshot blocking policy
| globally" with a consent box saying "I understand the risks"
| would.
|
| As the owner of the device my desire to take screenshots of
| anything I want should come first, regardless of what
| everybody else wants.
| wojciii wrote:
| Or even better an option to disable the policy for the next
| 10 or 30 minutes which should be enough to.e to do whatever
| you need to do.
| TedShiller wrote:
| iPhone
| Dahoon wrote:
| Are you adding info on what would be even worse? Because this
| is even worse on iPhone.
| hackmiester wrote:
| When does an iPhone prohibit screenshots?
___________________________________________________________________
(page generated 2020-11-08 23:01 UTC)