iOS Mobile App Security: UI Challenges Resolved

00:00

00:00

1x

• 0.25
• 0.5
• 0.75
• 1
• 1.25
• 1.5
• 1.75
• 2

The more time we spend on our smartphones, the more information we are ready to share with them. At present, mobile apps store terabytes of strictly confidential user data, but is it 100% secure? One should think carefully when answering this question.

Today’s article is about not-so-obvious iOS app security issues and protection measures that can get overlooked. What is the next step after you protect data storage, transportation, and encryption? Making sure that the device’s screen is also safe and protected. Illia Khrypunov, iOS Developer at CHI Software, will guide you through this process.

Here you will find helpful instructions on how to make iOS apps secure from screenshots and recording, as well as how to blur app content when switching between opened apps.

A Few Words About iOS Mobile App Security Stats

The number of mobile apps is growing, and so is the number of potential threats for users. As of the third quarter of 2022, around 1.64 billion apps were available on the App Store. There are millions of choices, but how many of them are completely safe?

Global Mobile Threat Report provided by Zimperium states that 51% of respondents have 4-8 work-related apps installed on their phone, and 31% have at least one app. Obviously, enterprises are as much at risk as individual users, so security enhancements must always remain on the agenda.

Despite the number of risks growing daily, 49% of businesses address a new in-app issue only with the next release, and sometimes, the update is deployed with delays.

How to set up iOS and Android app payment gateway integration Read more

According to Zimperium, nearly half of iOS applications related to healthcare, finance, retail, and lifestyle industries face various types of security risks.

Data protection, which we will talk about in this article, can take many forms. One of them is visual.

How to Blur App Content When Switching Between Opened Apps

Mobile applications often require hiding information on the screen when the user switches between the apps opened in the multitasking panel. To meet this requirement, we use UIVisualEffectView.

We can track the app’s current state to identify at what moment to implement the blur effect. For this, we use AppDelegate/SceneDelegate methods.

func sceneWillResignActive(_ scene: UIScene) {
		let blurEffect = UIBlurчEffect(style: UIBlurEffect.Style.dark)
		let blurEffectView = UIVisualEffectView(effect: blurEffect)
    blurEffectView.frame = window?.frame ?? .zero
    blurEffectView.tag = Constants.Tag.blurEffectView

    window?.addSubview(blurEffectView)
}

func sceneDidBecomeActive(_ scene: UIScene) {
		window?.viewWithTag(Constants.Tag.blurEffectView)?.removeFromSuperview()
}

Another tool allowing you to track application states is NotificationCenter. We add observers to the state, in which our View will hide (blur) sensitive content.

func addSceneNotificationObserver() {
		let notificationCenter = NotificationCenter.default
		notificationCenter.addObserver(self, selector: #selector(showBlurScreen), name: UIScene.willDeactivateNotification, object: nil)
    notificationCenter.addObserver(self, selector: #selector(hideBlurScreen), name: UIScene.didActivateNotification, object: nil)
}
    
@objc func showBlurScreen() {
		let blurEffect = UIBlurEffect(style: UIBlurEffect.Style.light)
    let blurEffectView = UIVisualEffectView(effect: blurEffect)
    blurEffectView.frame = view.frame
    blurEffectView.tag = Constants.Tag.blurEffectView

    view.addSubview(blurEffectView)
}
    
@objc func hideBlurScreen() {
    view.viewWithTag(Constants.Tag.blurEffectView)?.removeFromSuperview()
}

How to Prevent Screen Recording?

We can detect that a screen recording is about to start by using the notification UIScreen.capturedDidChangeNotification. After that, we can hide the screen immediately and display a pop-up window notifying users that they are not allowed to record the contents of our app.

func startPreventingRecording() {
		NotificationCenter.default.addObserver(self, selector: #selector(didDetectRecording), name: UIScreen.capturedDidChangeNotification, object: nil)
}

func presentWarningWindow() {
		warningWindow.removeFromSuperview()
    warningWindow.windowScene = nil

    guard let frame = appwindow?.bounds else { return }

    let windowScene = UIApplication.shared
        .connectedScenes
        .first {
		        $0.activationState == .foregroundActive || $0.activationState == .foregroundInactive
        }
        
    if let windowScene = windowScene as? UIWindowScene {
        warningWindow.windowScene = windowScene
    }

    warningWindow.frame = frame
    warningWindow.isHidden = false

    UIView.animate(withDuration: 0.15) {
		    self.infoLabel.alpha = 1.0
		    self.infoLabel.transform = .identity
    }
        
	  warningWindow.makeKeyAndVisible()
}

Want to set up an App Clip for your iOS clip? Read our guide

How to Protect Sensitive Information When a User Takes a Screenshot?

We cannot prevent people from taking screenshots when our app is opened. But we can get a notification when a user takes a screenshot via UIApplicationUserDidTakeScreenshotNotification.

Next, we can hide the provided information, and this notification feature is one of the essential tools to do that. This is what we mean:

• Concealing sensitive data before the contents move to the background. When an application transitions to the background, the system takes a screenshot of the app’s main screen, which it then presents briefly when transitioning your application back to the foreground.

How to implement in-app purchases with StoreKit Read a guide from our developers

Before returning from your applicationDidEnterBackground method, you should hide or blur passwords and other personal data that might be captured on the screenshot.

• Removing the taken screenshot from the gallery. For this, we use UserDidTakeScreenshotNotification, then, get the PHFetchResult<Array>, where we delete the last asset. This option is rather unreliable because we need to request access to the gallery. If the user has canceled access, we cannot pull out the desired screenshot and delete it.

let fetchOptions = PHFetchOptions()
fetchOptions.sortDescriptors?[0] = Foundation.NSSortDescriptor(key: "creationDate", ascending: true)
let fetchResult = PHAsset.fetchAssets(with: PHAssetMediaType.image, options: fetchOptions)
guard let lastAsset = fetchResult.lastObject else { return }
PHPhotoLibrary.shared().performChanges {
		PHAssetChangeRequest.deleteAssets([lastAsset] as NSFastEnumeration)
} completionHandler: { (success, errorMessage) in
		  if !success, let errorMessage = errorMessage {
		      print(errorMessage.localizedDescription)
      }
}

• Applying UITextField. Starting from iOS 13+, we can hide information on screenshots and screen recordings using UITextField if our textField is secure (isSecureTextEntry = true).

func hideContentOnScreenCapture() {
		DispatchQueue.main.async {
		    let field = UITextField()
        field.isSecureTextEntry = true
        self.addSubview(field)
        self.layer.superlayer?.addSublayer(field.layer)
        field.layer.sublayers?.first?.addSublayer(self.layer    
    }
}
    
func removeHideContentOnScreenCapture() {
    self.layer.sublayers?.removeFirst()
}

The workflow of this option is the following:

1. You need to add a TextField subview to the view that should be hidden;
2. Next, add a TextFiled sublayer to the superlayer of our view;
3. Add a layer of our view as a sublayer for our TextField.

Pros: Fast implementation, convenient for screenshots and screen recordings, and nothing needs to be changed.

Cons: The feature will not work properly if our view has several subviews.

Our guide on test-driven iOS development Continue reading

View hierarchy

Since iOS 13, we can also “trick” the system by making our content a part of the secure textField layer, which will hide the data when taking screenshots and recording screens.

The two handy libraries for preventing screenshots or screen recordings are SnapshotSafeView and ScreenShieldKit.

Сonclusion

iOS application security issues never get too old. Apps become more complex, offering more convenience to mobile users and… more challenges to app developers.

Tasks related to hiding information on screenshots and during screen recording are common, but there is no ready-made solution for each app. You should act according to the situation and choose the option that suits your project best.

In this short article, we described several iOS security tips to help you out when you have to deal with users’ private data. To figure out how it works in more detail, check out a project of our developer on GitHub. Also, feel free to contact CHI Software’s mobile development team to tackle pretty much any challenge on your project.

About the author

Polina Sukhostavets Content Writer

Polina is a curious writer who strongly believes in the power of quality content. She loves telling stories about trending innovations and making them understandable for the reader. Her favorite subjects include AI, AR, VR, IoT, design, and management.