When using the native rendering mode, the SDK can record sensitive data in your application.

In order to protect user privacy, you can configure Smartlook to not record sensitive data.

Smartlook attempts to hide selected sensitive UI elements automatically. It can be also instructed to hide or show particular UI components. Alternatively, using one of the wireframe rendering modes records the screen in a schematic way, showing no user data. The last possibility is to stop screen capturing altogether by using no rendering mode.

πŸ‘

Locally hidden elements

Sensitive elements are hidden locally on the device. No sensitive data is transferred to or stored in the dashboard.

View sensitivity

You can set sensitivity to any View instance:

sampleView.slSensitive = true|false|nil

Smartlook.instance.sensitivity[someView] = true|false|nil

Class sensitivity

You can also set the sensitivity to all instances of a Class that extends a View rather than setting the sensitivity on a specific View:

Smartlook.instance.sensitivity[SomeViewSubclass.self] = true|false|nil

πŸ“˜

Default sensitive classes

By default, the UITextView, UITextField and WKWebView classes are set as sensitive. To override the sensitivity on the class or instance level, set the class or instance sensitivity to false or nil.

Protocol sensitivity

Smartlook provides two protocols, SensitiveData and NonSensitiveData that can be used to adjust class sensitivity.

Sensitivity prioritization

When determining if the View instance is sensitive, the resolution process checks the sensitivity in a strict order.

View instances are not recorded if:

  1. the sensitivity is set to true.
  2. the Class sensitivity is set to true.
  3. the class conforms NonSensitiveData protocol

Class hierarchy and sensitivity

Sensitivity set to a more specific class (deeper in the inheritance tree) has higher priority. We will demonstrate this principle in the example using the inheritance tree:

16841684

If TextView is set to be sensitive and RadioButton is explicitly set to not be sensitive:

Smartlook.instance.sensitivity[TextView.self] = true
Smartlook.instance.sensitivity[TextView.self] = false

These statements are factual if we assume no View instance-specific sensitivity is set:

  • All instances of TextView, Button, CompoundButton, RadioButton, Switch, and ToggleButton will be sensitive
  • All instances of CheckBox are not sensitive, even though CheckBox inherits from the sensitive class TextView.

No Rendering

Sometimes, the entire screen is filled with sensitive data. In these cases, it is best not to record any data. To not record any data, use the NO_RENDERING rendering mode:

Smartlook.instance.preferences.renderingMode = .noRendering

πŸ“˜

Rendering modes

The Smartlook SDK provides rendering modes that hide sensitive information by simplifying the rendered screen for recording. This is still useful to you because all user interactions are still recorded, but no sensitive data is rendered. For more information, see Rendering modes.

🚧

Automatically-detected touch events

Some screens display sensitive data through automatically detected touch events. Read more about this issue in secure custom keyboard example.

When the application no longer displays sensitive data, you can set screen rendering mode to NATIVE:

Smartlook.instance.preferences.renderingMode = .native

WebView sensitivity

If an app uses WKWebView and you want record them, you need to enable WKWebView recording. You can enable WKWebView recording by removing the sensitivity:

Smartlook.instance.sensitivity[WKWebView.self] = true

If WKWebView is being recorded, all sensitive elements on the displayed website should be marked as sensitive so that they are hidden. You can mark sensitive elements as sensitive using HTML elements with .smartlook-hide css class:

<div class='smartlook-hide'>
   This will be hidden.
</div>

All inputs are hidden by default except button and submit. If some hidden inputs should be recorded, they can be marked with .smartlook-show css class:

<input type="text" class='smartlook-show'>

Recording mask

In cases where areas of the app shouldn't be recorded, but cannot be defined by a view, you can use RecordingMask:

var maskElements = [MaskElement]()

maskElements.append(MaskElement(rect: CGRect(x: 0, y: 0, width: 100, height: 100), type: .covering))
maskElements.append(MaskElement(rect: CGRect(x: 50, y:120, width: 100, height: 100), type: .erasing))

let recordingMask = RecordingMask(elements: maskElements)

Smartlook.instance.recordingMask = recordingMask

You can only have one Recording mask set at a time, but the recording mask can contain a list of MaskElement to cover multiple areas at once.

MaskElement can be one of two types:

  • MaskElement.MaskType.covering – area defined by the element CGRect will not be recorded.
  • MaskElement.MaskType.erasing – area defined by the element CGRect will be recorded even if a previously MaskElement was .covering this area.