In order to protect user privacy, you can configure Smartlook to not record sensitive data.
Currently, there are three methods to handle sensitive data:
Rendering modes
The Smartlook SDK offers three rendering modes to create session recordings. Each rendering mode renders the app screen in a different way. The default rendering mode for the Smartlook SDK is Native (.native).
When using the Native rendering mode, the SDK can record sensitive data in your application.
The rendering modes available in the Smartlook SDK:
| Rendering mode | What is captured |
|---|---|
.native | Regularly captures the app screen which the SDK immediately processes to remove sensitive data. The frames are then complied to make the session recording. For more information, see View sensitivity. |
.wireframe | Captures the app using only a wireframe representation of the screen data. No user data is recorded. This is the preferred rendering method for user data security. |
.noRendering | No content is recorded. |
Setting the rendering mode
To set the rendering mode:
Smartlook.instance.preferences.renderingMode = .nativeReading the rendering mode
To see what rendering mode the SDK is using:
let renderingMode = Smartlook.instance.state.renderingModeWireframe rendering
You can use wireframe rendering to view how your users use your app, but not reveal any of the elements. This is the preferred method for user data safety.
Examples of wireframe rendering:
Example 1 | Example 2 |
|---|---|
  |   |
Sensitivity
View sensitivity
You can set sensitivity to any UIView instance:
sampleView.slSensitive = true|false|nil
Smartlook.instance.sensitivity[someView] = true|false|nilClass sensitivity
You can also set the sensitivity to all instances of a Class that extends a UIView rather than setting the sensitivity on a specific UIView:
Smartlook.instance.sensitivity[SomeViewSubclass.self] = true|false|nil
Default sensitive classesBy default, the
UITextView,UITextFieldandWKWebViewclasses are set as sensitive. To override the sensitivity on the class or instance level, set the class or instance sensitivity tofalseornil.
Protocol sensitivity
Smartlook provides two protocols, SensitiveData and NonSensitiveData that can be used to adjust class sensitivity.
Sensitivity prioritization
When determining if the UIView instance is sensitive, the resolution process checks the sensitivity in a strict order.
UIView instances are not recorded if:
- the sensitivity is set to
true. - the
Classsensitivity is set totrue. - the class conforms
NonSensitiveDataprotocol
Class hierarchy and sensitivity
The sensitivity set on descendants has a higher priority than the sensitivity set on the ancestors. For example, if we have a custom UITextView class descendant (class MyCustomTextView: UITextView) and mark it as non-sensitive, then MyCustomTextView and all its descendants will not be sensitive, no matter what sensitivity we set for UITextView.
Similarly, if we set the sensitivity on an ancestor class, all its descendants take over that sensitivity.
Rendering modesThe Smartlook SDK provides rendering modes that hide sensitive information by simplifying the rendered screen for recording. This is still useful to you because all user interactions are still recorded, but no sensitive data is rendered. For more information, see Rendering modes.
Automatically-detected touch eventsSome screens display sensitive data through automatically detected touch events. Read more about this issue in secure custom keyboard example.
When the application no longer displays sensitive data, you can set screen rendering mode to NATIVE:
Smartlook.instance.preferences.renderingMode = .nativeWebView sensitivity
If an app uses WKWebView and you want record them, you need to enable WKWebView recording. You can enable WKWebView recording by removing the sensitivity:
Smartlook.instance.sensitivity[WKWebView.self] = trueIf WKWebView is being recorded, all sensitive elements on the displayed website should be marked as sensitive so that they are hidden. You can mark sensitive elements as sensitive using HTML elements with .smartlook-hide css class:
<div class='smartlook-hide'>
This will be hidden.
</div>All inputs are hidden by default except button and submit. If some hidden inputs should be recorded, they can be marked with .smartlook-show css class:
<input type="text" class='smartlook-show'>Recording masks
In cases where areas of the app shouldn't be recorded, but cannot be defined by a UIview, you can use RecordingMask:
var maskElements = [MaskElement]()
maskElements.append(MaskElement(rect: CGRect(x: 0, y: 0, width: 100, height: 100), type: .covering))
maskElements.append(MaskElement(rect: CGRect(x: 50, y:120, width: 100, height: 100), type: .erasing))
let recordingMask = RecordingMask(elements: maskElements)
Smartlook.instance.recordingMask = recordingMaskYou can only have one Recording mask set at a time, but the recording mask can contain a list of MaskElement to cover multiple areas at once.
MaskElement can be one of two types:
| Mask type | How it works |
|---|---|
RecordingMask.Element.Type.COVERING | The area defined by the element Rect is not recorded |
RecordingMask.Element.Type.ERASING | The area defined by the element Rect is recorded even if a previous RecordingMask.Element inside a list was covering the area. |
MaskElement.MaskType.erasing– area defined by the elementCGRectwill be recorded even if a previouslyMaskElementwas.coveringthis area.
RecordingMask example
RecordingMask exampleThe following example describes a RecordingMask in action.
On the left:
- The blue box represents a
video_itemelement. - The red box represents a
video_item_imageelement.
On the right:
- The
video_itemelement (blue box) has a.COVERINGvalue. The.COVERINGvalue masks the element in the session recording. - The
video_item_imageelement (red box) has an.ERASINGvalue. The image is visible in the session recording because the.ERASINGvalue cancels the.COVERINGvalue.
