by izacus 2783 days ago
How is messaging confidential data? Remember, FLAG_SECURE prevents users from taking screenshots themselves as well and prevents display of content in several other cases (e.g. screen mirroring).

Your conversations aren't nearly as sensitive to require such a large breach of usability.

2 comments

> Your conversations aren't nearly as sensitive to require such a large breach of usability.

Yours might not be, but this isn’t true for everyone.

I think the broader point is that it stops the user doing something they want to. Something they could still do with a camera.

The flag should secure it from other apps but the user screenshot tool should be able to override it. The cap framework should be able to do this, you just need to insulate the app itself to ensure only real people can use it.

I'd be happy to hear about an attack vector that compromises encrypted private OS storage on Android, but does not compromise the app's view hierarchy rendered by the same OS. FLAG_SECURE is just an OS flag though.

Because your sentence just sounds like a platitude without any thought behind it.

Preventing screenshots and showing up in the active apps list is an option within the Signal preferences. So Signal provides a precautious default, but allows you to turn it off.
This is the right way to do it in my opinion.