hamaluik / timecop

A time tracking app that respects your privacy and gets the job done without being fancy.
https://timecop.app/
Apache License 2.0
832 stars 155 forks

Add support for blocking screenshots from being taken #118

Open grrrrr opened 1 year ago

grrrrr commented 1 year ago

I am aware that this is not a perfect privacy solution and there are ways around it but it would be useful to have TimeCop block the ability to take screenshots.

While the risks / concerns of someone remotely taking a screenshot of TimeCop on most people's devices are low, there are still users who may be at higher risk. It is a possibility that some malware is set up to take screenshots of the recorded data, which could result in issues in restrictive countries.

Additionally, with screenshots blocked, switching apps would result in you seeing TimeCop in your list of open apps but not seeing the screen's contents, an extra benefit.

My suggestion would be to add a toggle allowing users to opt in to this feature.

Some apps that do that have this option if examples/comparison is needed

soam1 commented 1 year ago

@grrrrr I would like to pick this up. I hope you assign me this so I could help.

12people commented 1 year ago

@grrrrr Thanks for the suggestion. However, as you say, it's not a great privacy solution and there are many ways in which it could be circumvented. For example, even in the case of malware that would give an attacker access to your device, the attacker could just as easily gain access to the database associated with the app — either via the on-device file or via the "Export" screen.

Also, I think I fail to see the use-case for this, as unlike with password apps or medical apps or even communication apps, the data in Time Cop is unlikely to be particularly sensitive. I guess unless you're doing sensitive government work, but then your whole device should be hardened and blocking screenshots is unlikely to be much of a help. And if you're under a repressive regime and doing activist work, perhaps consider using a codename for your project rather than "Secret Anti-government Project".

At the end of the day, if you're concerned about any of your data leaking, then you need to harden your entire device. Blocking screenshots won't help here.

Let me know if I'm missing some important use-case. For now, I just don't think it's worth the implementation or maintenance effort (especially as this would be Android-only; iOS is not seeing new releases and desktop platforms don't have support for this feature AFAIK) or worth the UI clutter in adding another setting.

grrrrr commented 1 year ago

@soam1 I think you could just make a pull request and @12people would decide to accept it or not.

> as unlike with password apps or medical apps or even communication apps, the data in Time Cop is unlikely to be particularly sensitive

@12people A bit as you say, the work (or some of it) is sensitive.

> For example, even in the case of malware that would give an attacker access to your device, the attacker could just as easily gain access to the database associated with the app — either via the on-device file or via the "Export" screen.

This really depends; most malware will either target specific data on a phone when they know what they want or take screenshots to gather a more overall view.

While I am on Android, it's my understanding that iOS also has the ability to restrict this as of iOS 1411.

Thanks for at least considering, and close if it is not something you want implemented.

12people commented 1 year ago

@grrrrr @soam1

If it were up to me, I don't think I would accept this, as I think it adds unnecessary complication without significant enough security advantages.

(As for iOS, the potential might be there, but the iOS release hasn't been updated in years.)

However, I'm just a volunteer maintainer. @hamaluik is the owner of this project and the decision is up to him. He tends to be quite busy nowadays, but if he notices this conversation, he'll have the final say on this.

12people commented 1 year ago

BTW, I'd be curious whether malware doesn't generally have ways to go around the flag that disables taking screenshots, as malware tends to have escalated privileges anyway. Is there any evidence of this flag thwarting malware?