search

GrapheneOS / PdfViewer

Simple Android PDF viewer based on pdf.js and content providers. The app doesn't require any permissions. The PDF stream is fed into the sandboxed WebView without giving it access to content or files. CSP is used to enforce that the JavaScript and styling properties within the WebView are entirely static.
https://grapheneos.org/
MIT License
610 stars 99 forks source link

Consider adding FLAG_SECURE and maybe TouchesWhenObscured #114

Open yodaforces opened 3 years ago

yodaforces commented 3 years ago

To prevent screenshots and Tapjacking attacks. Could also be optional via a toggle button.

More details can be found here in the Security section: https://developer.android.com/reference/android/view/View

FLAG_SECURE: https://developer.android.com/reference/android/view/WindowManager.LayoutParams.html#FLAG_SECURE

Source: https://cure53.de/pentest-report_mullvad_2020_v2.pdf

thestinger commented 3 years ago

I don't think we want this for the PDF Viewer app by default. It make make sense as an optional or a special mode to avoid ending up with any persistent thumbnails from recent apps but it's not currently planned.

You're greatly overestimating what this does and you're treating it as if it's something that should be used everywhere. It really isn't. It would be the default if it was meant to be used everywhere. The OS handles these things as general purpose issues already and disabling screenshots / thumbnails, etc. really isn't something critical. General issues are not handled by special casing certain things as opting out of it.

yodaforces commented 3 years ago

As your saying this should be optional because .pdf files could be of sensitive nature.