Warning message and/or preventing screenshot for personal data sensitive applications

[ninedter]

Platform:
iOS, Android

Description:
The current MSTG test cases for the screenshot on mobile devices state and restrains the screenshots for application when it is in the background. However, for applications that are sensitive to personal or financial data, this test case does not apply.

A warning message for such applications when a screenshot is triggered would also bring users aware of such activities as well as acknowledge to consent that this action is done by the user itself. In which case, it would protect the app developer or the institution that it belongs to that if in such case the screenshot or data of this nature is leaked by malicious or other methods, the developer and the institution are not liable for such data leakage.

Or in other methods, preventing this action within the app itself could also be enforced with financial or apps that are sensitive to personal information.

In sum, this would allow for a more secure operating environment for the users when using the app, as well as prevent malicious codes from running or capturing sensitive data from devices while the user is operating.

Please take under consideration for an additional test case on top of MSTG-STORAGE-9 to further improve on screenshot limitations. Thanks.

[commjoen]

Though there might be limits in terms of what we can detect in terms of screenshotting, especially on jailbroken/rooted device, I do think that this makes up for a great L2 requirement!