Unintended Data Leakage
Mobile applications can inadvertently leak sensitive information through various channels that developers might not consider. This differs from insecure storage as the leakage often occurs through legitimate OS features used incorrectly.
Common Leakage Points:
- Application backgrounding screenshots containing sensitive data
- Clipboard/pasteboard accessible by other applications
- Application logs containing user information
- URL schemes exposing sensitive parameters
- Analytics and crash reporting sending unfiltered data
- Keyboard cache storing sensitive input
Prevention Techniques:
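    // iOS - Cover sensitive content before the system takes the app-switcher snapshot
    import UIKit

    // These methods belong in the app delegate, where `window` is an optional UIWindow
    func applicationDidEnterBackground(_ application: UIApplication) {
        // Unwrap the optional window before using it
        guard let window = window else { return }
        let blurEffect = UIBlurEffect(style: .light)
        let blurEffectView = UIVisualEffectView(effect: blurEffect)
        blurEffectView.frame = window.bounds
        blurEffectView.tag = 999  // tag used to find and remove the overlay later
        window.addSubview(blurEffectView)
    }

    func applicationWillEnterForeground(_ application: UIApplication) {
        // Remove the overlay when the app returns to the foreground
        window?.viewWithTag(999)?.removeFromSuperview()
    }

    // Android - Disable screenshots for sensitive screens
    import android.os.Bundle
    import android.view.WindowManager
    import androidx.appcompat.app.AppCompatActivity

    class SecureActivity : AppCompatActivity() {
        override fun onCreate(savedInstanceState: Bundle?) {
            super.onCreate(savedInstanceState)
            // Prevent screenshots and screen recording; set the flag before
            // the activity's content view is attached
            window.setFlags(
                WindowManager.LayoutParams.FLAG_SECURE,
                WindowManager.LayoutParams.FLAG_SECURE
            )
        }
    }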
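
For the log, URL-parameter and analytics items in the list above, one way to filter strings before they leave the app is shown here. This is an added example, not code from the original page; `LogScrubber`, its key list and the sample lines are assumptions made for illustration.

```kotlin
// Added example: scrub sensitive values from a string before it reaches
// Logcat, analytics, or a crash reporter. All names here are hypothetical.
object LogScrubber {
    // Assumed list of parameter names treated as sensitive; adjust per app.
    private val sensitiveKeys =
        setOf("token", "access_token", "password", "otp", "session", "ssn")

    // key=value pairs as they appear in deep links, query strings and form bodies.
    private val keyValue = Regex("""([A-Za-z_][\w.-]*)=([^&\s#]*)""")
    private val email = Regex("""[\w.+-]+@[\w-]+(\.[\w-]+)+""")
    // 13-19 digits, optionally separated by spaces or dashes (card-number shaped).
    private val cardLike = Regex("""\b\d(?:[ -]?\d){12,18}\b""")

    fun scrub(message: String): String {
        // 1. Redact values of sensitive keys, keeping the key for debuggability.
        val step1 = keyValue.replace(message) { m ->
            val key = m.groupValues[1]
            if (key.lowercase() in sensitiveKeys) "$key=[REDACTED]" else m.value
        }
        // 2. Replace e-mail addresses wholesale.
        val step2 = email.replace(step1, "[EMAIL]")
        // 3. Mask card-shaped digit runs, keeping only the last four digits.
        return cardLike.replace(step2) { m ->
            val digits = m.value.filter { it.isDigit() }
            "[CARD ****${digits.takeLast(4)}]"
        }
    }
}

fun main() {
    // Constructed sample lines, not taken from a real application.
    val samples = listOf(
        "open myapp://reset?user=42&token=abc123",
        "login failed for alice@example.com password=hunter2",
        "charge declined card 4111 1111 1111 1111 amount=10"
    )
    samples.forEach { println(LogScrubber.scrub(it)) }
}
```

Route every call to the logger, analytics SDK and crash reporter through a single wrapper that applies `scrub`, so that new call sites cannot bypass it.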