| ▲ | hypeatei 14 hours ago |
| > prevents me from taking screenshots if an app author doesn't want me to The most frustrating part about this "feature" is that you don't know it's enabled until the screenshot is taken and you're left with a picture of nothing. That and some app authors thinking they're protecting you with this (referring to banking apps in particular) |
|
| ▲ | GuB-42 2 hours ago | parent | next [-] |
| It is not for preventing you from taking screenshots, if you insist, you can do it with another camera. It is to prevent malware and "helpful" AI tools from doing it for you and then uploading the picture to who knows where. Signal does this too, though I think it is optional. Beyond preventing screenshots, it blacks out the window content in the task switcher, which is useful if someone is looking over your shoulder. This, by the way, is a good way to check if screenshots are allowed. If the window appears black in the task switcher, screenshots won't work. The idea is similar to the "**" password fields. |
| |
| ▲ | thmsths 2 hours ago | parent [-] | | I mean if the goal is to prevent potential malicious apps from taking screenshots automatically; instead of saving a clueless user from themselves or worse getting in the way of legitimate users I believe that the proper solution is to disallow programmatic screenshots while still allowing screenshots when there is the correct button press (and ensure that this cannot be emulated). Windows reserves ctrl-alt-delete as a direct signal to the kernel for security purposes. Why can't android do the same? |
|
|
| ▲ | stronglikedan 24 minutes ago | parent | prev | next [-] |
| > The most frustrating part about this "feature" is that you don't know it's enabled until the screenshot is taken and you're left with a picture of nothing. That's doesn't sound right. On mine, a message is displayed saying that the app does not allow screenshots, and no image is written to the device. |
|
| ▲ | godelski 10 hours ago | parent | prev | next [-] |
| In some sense they are. But being protected either from a consequence of my own stupidity or a consequence of their lack of security. I think the worst part of all is that these "bandaids" are being used in place of actual security. I don't need to be protected from my own stupidity nor do I need security theater. |
| |
| ▲ | mr_mitm 8 hours ago | parent | next [-] | | I think the threat model here is that a different, malicious app (compromised, installed accidentally or by the means of social engineering) might take screenshots of your screen and forward them to take advantage of you. You can file this under one's "own stupidity" as well, sure, but in the end they're not protecting you, they're protecting themselves, because banks might be liable for these kind of things, and by imposing these restrictions, they're reducing the amount of fraud and thus improve their bottom line. | | |
| ▲ | shmel 4 hours ago | parent | next [-] | | Are you implying that Google is unable to distinguish whether a screenshot is triggered via a combination of hardware buttons vs via a software call from another app that isn't even on the foreground in their own ecosystem? That's a quite sad state of affairs, isn't it? | | |
| ▲ | Zak 2 hours ago | parent [-] | | I've been unimpressed with Google's commitment to making the fundamentals of Android great. They seem to prefer doing the minimum required there and putting all their efforts into something more sexy, like generating fake photos that look like they were taken with a 2400mm lens. I don't want my phone to generate fake photos; I do want it to always let me manually take screenshots, but require turning on a permission that's a little awkward to find to allow an app to do so. |
| |
| ▲ | franga2000 6 hours ago | parent | prev | next [-] | | I see this argument everywhere and I've never heard of a case where a bank was liable because a customer was phished. I've even asked for examples and nobody ever provided them. It's one thing to argue in court that they should be liable because they didn't provide you with the necessary security tools (like MFA), but they all provide at least SMS 2FA these days and their apps run on iOS and Android, both of which have plenty of security features. | | |
| ▲ | cwillu 5 hours ago | parent | next [-] | | If a bank is required to reverse fraudulent charges (and they are), that means they're liable for those charges. | |
| ▲ | izacus 5 hours ago | parent | prev [-] | | In reality what happened is that some security auditor put it into a checklist for the mobile app "Security ISO certificate++" and now everyone implements it for compliance. Fighting against that is insane paperwork and professional exposure for software engineers that do it (since if people get phished, the C-suite will point a finger at a tech lead which went against the "professional security audit"). Most of other posts here are just post-rationalization and victim blaming. |
| |
| ▲ | FuriouslyAdrift 2 hours ago | parent | prev | next [-] | | There was a Microsoft Terminal Server "monitoring" application that worked by recording the screen through a series of JPG screenshots. It worked surprisingly well and bypassed all kinds of controls. | |
| ▲ | AnthonyMouse 5 hours ago | parent | prev [-] | | > they're protecting themselves [citation needed] The theory here is that it provides a marginal security improvement if there is malware on the phone, but if there is malware on the phone then there are a hundred other things it can do to the same effect and you're likely screwed anyway. And by doing this, you also block the user from taking screenshots, which is bad, because screenshots are harder for computers to parse, and that's a marginal security advantage. If the user is going to send e.g. their account number to someone else (for a legitimate reason), it's better that they do it as a screenshot than that you force them to type it as text, because text is machine searchable. Which is worse when that messaging system gets compromised and then the attacker can do a text search for a pattern matching a bank routing number and be more likely to discover that message than if it was only there in a JPG. Meanwhile the primary consequence of preventing screenshots is to inconvenience customers, which is an actual cost to the bank, because there is only a threshold amount of BS customers will put up with before switching banks and banks are constantly pushing up against that line already with all of their other BS. But then the lower-quality banks do it anyway because there is a box they can check which sounds like it's locking something down, so they check it without thinking. Which is a great canary for customers who want to know if their bank is dumb -- if they require this then they probably do all kinds of other dumb stuff and it's a strong indication you should switch banks before you get screwed by them doing some other foolish nonsense. | | |
| ▲ | high_na_euv 3 hours ago | parent [-] | | >because screenshots are harder for computers to parse, and that's a marginal security advantage. If the user is going to send e.g. their account number to someone else (for a legitimate reason), it's better that they do it as a screenshot than that you force them to type it as text, because text is machine searchable. Which is worse when that messaging system gets compromised and then the attacker can do a text search for a pattern matching a bank routing number and be more likely to discover that message than if it was only there in a JPG. Tbf it is 2025, not 2010, it isnt that hard |
|
| |
| ▲ | Aerroon 9 hours ago | parent | prev [-] | | It doesn't really protect anything though, because you can always just use an external camera to take a picture of your screen. | | |
| ▲ | Cloudef 8 hours ago | parent | next [-] | | Its probably meant to try mitigate damage in case bad actor gets remote access to your phone or you have malware. | | |
| ▲ | const_cast 3 hours ago | parent [-] | | If your phone is remotely rooted, the screenshot is providing no security. |
| |
| ▲ | ncruces 4 hours ago | parent | prev [-] | | It protects less proficient users from accidentally taking a screenshot. |
|
|
|
| ▲ | Foobar8568 10 hours ago | parent | prev | next [-] |
| I want to send my new IBAN to my company, I can, no screenshot allowed on the screen with banking information. So I need to log on their website to do it.
At least my new bank allows such screenshot and to copy account information directly from the app. |
| |
| ▲ | looofooo0 10 hours ago | parent | next [-] | | There is a special place in hell for people providing non copyable text information in the form of screenshots. | | |
| ▲ | mr_mitm 8 hours ago | parent | next [-] | | Modern life is full of these tiny inconveniences. It usually involves some sort of "smart" devices, like light switches, stoves, elevator buttons, etc. Each one of which could be forgivable, but in sum it's like death by a thousand paper cuts. User hostile UI in the name of security is particularly bad: we are supposed to type unique and complicated passwords in text fields without being able to see what we type, and if we get it wrong, we are put in timeout for two seconds. Citrix Netscaler nowadays apparently wants to be extra secure and shows you the most generic error message if you have a typo in either your password or user name and just tells you to "try again later", so you do until you lock yourself out. It's madness. | |
| ▲ | godelski 10 hours ago | parent | prev | next [-] | | It's amazing how many "little" things there are like this. Like I honestly can't remember the last time I filled out a form which required something like my country and I didn't have to scroll to find it. All the information's there to make a good guess. But this is just one example of a million. There's just too many papercuts. | |
| ▲ | GuB-42 2 hours ago | parent | prev | next [-] | | And PDF documents in image form. Usually scans of printed copies. It is fine for historical documents, but doing today means you really want to piss people off. And by the way, PDF files support signatures, both handwritten and digital. There are ways other than printing a 100+ page document and scanning it just so that your signature shows up on a single one of these pages. | |
| ▲ | NicuCalcea 9 hours ago | parent | prev | next [-] | | The other day I wanted to send someone proof that a transaction has gone through. A screenshot would have been the obvious choice, but of course, my banking app wouldn't let me do it. | | |
| ▲ | t_mann 9 hours ago | parent | next [-] | | A screenshot would also be trivial to counterfeit. That being said, I am not aware of any banks that provide any actually tamper-proof, shareable transaction confirmations. | | | |
| ▲ | pasc1878 2 hours ago | parent | prev [-] | | Why does a third party want to know the transaction occured? These seems a bit like a scam. Why can't they ask the recevier? |
| |
| ▲ | robinsonb5 3 hours ago | parent | prev | next [-] | | At least the days of those screenshot being pasted into a Microsoft Word document are mostly behind us now... | |
| ▲ | danieldk 10 hours ago | parent | prev | next [-] | | Perhaps true, but some modern OSes (like macOS and iOS) allow you to copy text from screenshots. And since the text quality of screenshots is typically good, it works well. | | |
| ▲ | interloxia 5 hours ago | parent [-] | | Windows with power toys and android have it too. The Penny supermarkt app on android disables both screenshots and text selection with the error that it is disabled by admin. |
| |
| ▲ | tpm 6 hours ago | parent | prev | next [-] | | At this point you can just use google lens or something like that to copy text from images. | | | |
| ▲ | ponector 10 hours ago | parent | prev [-] | | Do you prefer a voice message instead? /s |
| |
| ▲ | cenamus 9 hours ago | parent | prev | next [-] | | They literally had me photocopy the phone screen because of the same issue. | |
| ▲ | FinnKuhn 4 hours ago | parent | prev | next [-] | | Why not copy it from the App? | |
| ▲ | akomtu 10 hours ago | parent | prev [-] | | Two mirrors will make it allowed. |
|
|
| ▲ | nerdponx 12 hours ago | parent | prev | next [-] |
| Pretty sure Twitch on iOS does this now. Screen recording still works though. |
|
| ▲ | mihaaly 8 hours ago | parent | prev | next [-] |
| Jesus Christ! Who are the product designers of the present with these single-minded attitude not checking how the implementation affects the life of paying customers< Children?! Most take pride - on paper! - about what one can do 'so easily' with their product, just to raise barricades getting there, using it, or those pop up suddenly while using it, bumping into it like into a bollard ona highway. Or just chain them to it against will! I am not aiming at Android only here as this is a generic attitude I found from organization being so self obsessed about what THEY want that no-one else benefits, no-one else have real benefits - only mixed ones with sizeable drawbacks -, defying the purpose of having modern technology. When the life becomes differently complicated, then that is no progress at all, just messing around. I am thinking three, four, or more times nowadays buying any technology, which is sad, as I was so enthusiastic only one but especially two decades ago, discovering advances and gadgets. Not anymore. I spend my money - and TIME! - on things bringing benefit or joy instead, or on those I am FORCED into. Yes, this obsession of providing non-technology services (banking, bureaucracy, identification, ...) apps first (sometimes only, at least to various, sometimes important details of the use/access) which is a hugely demanding matter on users (choose, purchase, pay, setup, learn, re-learn, update, maintain, subscribe, know and accept terms, charge, protect, both physically and data wise, click away suggestions and self promotions while busy with something important) that it is a very bitter pill to swallow. |
|
| ▲ | nine_k 11 hours ago | parent | prev | next [-] |
| Now consider the fact that an arbitrary other app can take a screenshot clandestinely, via API. Would you like it to happen when you're looking at the summary of your accounts? your list of credit card numbers? The problem is that certain actions should only be acceptable if initiated by the user, physically. Think of the way Ctrl+Alt+Del works in Windows. This, of course, is not possible if you don't have enough fingers for the action, or something; here comes the loophole of assistive technologies, widely (ab)used for that on most platforms. |
| |
|
| ▲ | figmert 6 hours ago | parent | prev [-] |
| You're tech savvy enough, you're not the target for such a feature. The target is the grandmas and grandpas, and other people who have no idea about such things. |
