BastianZim
commented
4 years ago You might want to team up with #517
Closed tobidwest closed 4 years ago
BastianZim
commented
4 years ago You might want to team up with #517
uschindler
commented
4 years ago Siehe auch #77 für einen Feature-Request.
Ich habe das endlos versucht zu diskutieren, aber das BSI hatte gemeint, dass man Screenshots wegen den Teletans verhindern müsse. Da der Hauptteil der App nur aus einer Aktivität besteht, und Screenshots nur pro Aktivität verhindert werden können, wurde das dann durchgesetzt (obwohl es sogar Pull Requests von zahlreichen Helfern gab).
Der korrekte Fix wäre, die Krankmeldung als eigene Aktivität mit Screenshots disabled zu machen und den Rest offen lassen. Davon redet #77.
corneliusroemer
commented
4 years ago It's pretty obvious I think. We don't want anyone to demand proof by screenshot that you have the app installed or that you're low risk.
Edit: Apparently I'm wrong
Timo1993
commented
4 years ago You can use Google Assistant as a workaround for creating screenshots.
uschindler
commented
4 years ago It's pretty obvious I think. We don't want anyone to demand proof by screenshot that you have the app installed or that you're low risk.
Why is it working on iOS then? The reason for this was BSI complaining about screenshots of TeleTANs or QR codes could be stored as picture in the app preview. It was not to prevent screenshots, only the intent was to prevent sideeffct of Android making screenshots internally to show the "open apps" user interface of left button click.
By splitting the app into several activities, screenshotting the submission of infection with TeleTAN / QR code should be prevented, but not main app screens.
tobidwest
commented
4 years ago I get the point. Then how about adding a short explanation to attempted screenshots and letting the user add an advertising image when tapping the share button on the top? This way the app can be shared using applications that need an image (e.g. Instagram Story). Might be a quicker work-around until it gets split up into two activities.
tobidwest
commented
4 years ago You can use Google Assistant as a workaround for creating screenshots.
I tried about half an hor ago, this seems not to be working anymore (at least on Android 10).
kolyaopahle
commented
4 years ago see #9
uschindler
commented
4 years ago see also #41 for the discussion
tkowark
commented
4 years ago Thanks for all the suggestions. As this seems to require further explanation, we'll leave the issue open until we documented that properly.
ghost
commented
4 years ago You can use Google Assistant as a workaround for creating screenshots.
You could also use scrcpy
corneliusroemer
commented
4 years ago Thanks for all the suggestions. As this seems to require further explanation, we'll leave the issue open until we documented that properly.
Good reply :)
Spacefish
commented
4 years ago 
haug-den-lucas
commented
4 years ago Another way to still be able to screenshot the Corona-Warn-App is using some 3rd party app like "AZ Screen Recorder".
hellomrjones
commented
4 years ago Well done Developers. I will deinstall the App now. You lost my acceptance. It is MY phone and I decide what I make a screenshot of.
hellomrjones
commented
4 years ago Please don't make this cost another 5 Million to implement. Thanks
Alestrix
commented
4 years ago Please implement PR #619 ASAP. The screenshot-block as it is implemented now makes absolutely no sense. See also #625
mohe2015
commented
4 years ago @hellomrjones Be nice, this is a restriction of the android operating system. If the app is not allowed to show up in the recent apps screen you have to also disable screenshots. I agree with @Alestrix and hope that the PR or a similar PR will be considered again.
0xA1B2
commented
4 years ago I doubt that any app has the right to disable a feature of my phone. That would have to be court tested. A simple workaround to make quick screenshots without using the overloaded Google Assistant is to use "Screen Master":
https://play.google.com/store/apps/details?id=pro.capture.screenshot&hl=en
corneliusroemer
commented
4 years ago Should the community open an issue to show that they would like PR #619 or similar be implemented? Right now, this issue here just asks for clarification, not for a change to screenshot taking capabilities. @mohe2015 @Alestrix @Spacefish @uschindler @Lucurus your thoughts? I want to keep a low profile for now and not reopen closed issues while the maintainers consider me to be hostile. Alternative: Rename this issue. Question: Can someone maybe explain a workaround in detail? I tried AZ Screen Recorder but I get a black screenshot. @0xA1B2 You may want to reconsider your recommendation of Screen Master. It also gives only a black screen - at least that's what I got with it.
daredem0
commented
4 years ago I doubt that any app has the right to disable a feature of my phone. That would have to be court tested. A simple workaround to make quick screenshots without using the overloaded Google Assistant is to use "Screen Master":
https://play.google.com/store/apps/details?id=pro.capture.screenshot&hl=en
This seems to be not working anymore as of now, captured screenshots appear to be just black. Im also disappointed by this being blocked. I understand the reasoning of the dev and see the point, however I believe everybody should have control over their own devices and make that decision themselves.
tobidwest
commented
4 years ago Rename this issue.
Done.
DerVogel2020
commented
4 years ago Why should I be able to make a screenshot of the app? I don't need it. Most of the users (hopefully) just install the app and wait for a notification.
BastianZim
commented
4 years ago @corneliusroemer To be honest, I think we have more pressing issues right now than being able to take a screenshot or not. If the decision to use this app is based on whether one can screenshot it or not, then I'm not sure if that person has understood the reasoning behind the app. Besides that, I would recommend that we wait for someone from the team to have a look at this issue, once everything has calmed down and not discuss it further in order to not take any attention away from more important issues.
tobidwest
commented
4 years ago If the problem is not resolved soon, no one will post screenshot anymore. Then this way of advertising the app is over.
corneliusroemer
commented
4 years ago @Lucurus Thanks for your thoughts. Fair point, there are more pressing issues. However, commenting here doesn't necessarily harm the project as a whole - I would hope maintainers prioritise issues properly anyways. Benefits of allowing screenshots (@DerVogel2020)
So overall, I think these reasons warrant further discussion and implementation as soon as more pressing issues are fixed - and if the effort required isn't too big, which it doesn't seem to be from what I can see.
@hellomrjones: Friendly advice, I've experienced here that it doesn't help to bring the cost of the app up. Maintainers may use it to shut down important critical discussions, see #478 #600. I'm careful now not to provide any ammunition against the community.
BastianZim
commented
4 years ago @corneliusroemer Thanks for your explanatory reply. Yes, I fully agree with the sentiment that providing feedback to the developers isn't harming it, in fact, I fully support it as well, after all, that is one of the points of open source! My comment was more directed towards some of the more drastic and, in my opinion, unhelpful and inflammatory comments in this chain.
What you outlined in the section is indeed relevant and should be implemented once the capacity is available, but, and I am also not involved with the project, I have just been following it for some time, the implementation of screenshots, taking into account privacy and security related aspects, is not as easy as you assume it to be. See #9 for initial reasoning and #41, especially https://github.com/corona-warn-app/cwa-app-android/pull/41#issuecomment-637990309 and #77 for why the implementation is not that easy.
corneliusroemer
commented
4 years ago Thanks @Lucurus for giving an in-depth explanation of the challenges regarding implementation.
I totally agree re inflammatory comments. I have empathy with the people making them, I'm also guilty of similar feelings occasionally, but they are unfortunately not helping us. If anything express these thoughts on Twitter where they are not giving any cause for retribution.
Much better than attacking the maintainers emotionally is if we can provide good reasons against what the community feels are unwise actions by the maintainers. It's much harder to ignore and silence.
corneliusroemer
commented
4 years ago This seems to be the BSI being prohibitively restrictive in their recommendations. Rather than the BSI's recommendation being regurgitated every time this comes up: What about asking the BSI what it thinks about the new proposal?
Also it's good to bear in mind that the BSI's rating was low so they don't consider it a big thing that cannot be overwritten with sufficient justification.
According to @harambasicluka here https://github.com/corona-warn-app/cwa-app-android/pull/619#issuecomment-645920236 this is being discussed internally. So good news.
steps56
commented
4 years ago Hi, I use "cyanogenmod screencast" (my systems onboard app ;-)...) to take a short screenvideo by scrolling the corona app. Playing this screencast, let me take any screenshot I want ;-) This shows 2 things:
tomjschwanke
commented
4 years ago It's easy possible to take screens.
It isn't as easy (if even possible) on modern Androids, as Google has rigorous protections if an app requested them. Screen recording will give you a black screen as soon as you open the app. Of course, rooted phones can circumvent this, but rooting isn't something everybody does.
Diable Screenshot possibiliy in app code, isn't worth the effort, as its easy to overcome.
This is pretty easy, you'd just need to set FLAG_SECURE to true and Android does the all the work of preventing screenshots.
steps56
commented
4 years ago Yes, you are 100% right. Tried it with s4 and lineageos 17.1 (android 10 based) and my "workhorse" also s4, but based at 6.0.1 cyanogenmod. (both rooted for sure) Old one worked (easy screen and so on), new android 10 based... no way. So, old stuff is sometimes better (like cars) ;-) to get back control... and block Google as far as possible. :-)
Fabian42
commented
4 years ago I want to note that the XPosed mod "DisableFlagSecure" works around this flag, as the name implies. This can be used for error message screenshots etc. In another report, someone also created a screenshot using remote-control with AnyDesk. That makes me think that some screen recorders might also work. AnyDesk doesn't even seem to require root (it doesn't appear in my SuperUser menu) and screen recorders might also not need it, depending on the Android version. You might even have a basic screen recorder preinstalled with your system on new Android versions.
corneliusroemer
commented
4 years ago I want to note that the XPosed mod "DisableFlagSecure" works around this flag, as the name implies. This can be used for error message screenshots etc. In another report, someone also created a screenshot using remote-control with AnyDesk. That makes me think that some screen recorders might also work. AnyDesk doesn't even seem to require root (it doesn't appear in my SuperUser menu) and screen recorders might also not need it, depending on the Android version. You might even have a basic screen recorder preinstalled with your system on new Android versions.
Just tested with AnyDesk and Android 10, nope, doesn't work. Get a black screen on AnyDesk. As mentioned before, there seems to be increasing restrictiveness with newer Android releases. There are a lot of people saying they have workarounds, but they alway only work for like Android 6/7 or so.
pathmapper
commented
4 years ago Should such screenshots work in 1.1.1?
fredrb
commented
4 years ago @pathmapper on the release notes PR #745 is on the 1.2.0 release notes and not 1.1.1. So I suppose the fix will only be available on the next update.
pathmapper
commented
4 years ago @fredrb thanks for pointing me to the 1.2.0 release notes, didn't notice that they are available.
Yeah, looks like this will be included in 1.2.0 :+1:
Your Question
activity.window.setFlags( WindowManager.LayoutParams.FLAG_SECURE, WindowManager.LayoutParams.FLAG_SECURE )