Secure custom keyboard


Code samples in this guide are written in Java/Kotlin but the principles are applicable on all platforms.

Some applications use non-native keyboards, typically for entering PIN codes and similar input. This can lead to sensitive data being recorded, as the following simple example demonstrates.


For this screen, we need to change the rendering mode to RenderingMode.NO_RENDERING:

Kotlin:
Smartlook.setRenderingMode(RenderingMode.NO_RENDERING)

Java:
Smartlook.setRenderingMode(RenderingMode.NO_RENDERING);

This ensures that the SDK does not record the PIN while the user enters it into the application. Visual clues that would otherwise give it away might be the following:

  • Number buttons have a hover effect on them.
  • Numbers might be visible for a small period of time after they are entered.

Setting the rendering mode is not enough!
The SDK automatically tracks touch events, so even with a blank video we can clearly see in the recording where the user is touching.


The SDK does not record touches on native keyboards, so there is no risk of leaking any sensitive data this way.

Automatic touch detection can be disabled by setting the event tracking mode to EventTrackingMode.IGNORE_USER_INTERACTION:

Kotlin:
Smartlook.setEventTrackingMode(EventTrackingMode.IGNORE_USER_INTERACTION)

Java:
Smartlook.setEventTrackingMode(EventTrackingMode.IGNORE_USER_INTERACTION);

After applying these two steps, the SDK will not record any sensitive data on this “pin” screen.

When your application leaves this screen, just set the rendering mode and event tracking mode back to your preferred values:

Kotlin:
Smartlook.setRenderingMode(RenderingMode.NATIVE)
Smartlook.setEventTrackingMode(EventTrackingMode.FULL_TRACKING)

Java:
Smartlook.setRenderingMode(RenderingMode.NATIVE);
Smartlook.setEventTrackingMode(EventTrackingMode.FULL_TRACKING);
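
One way to apply and undo both settings from the screen's lifecycle, so that no exit path (back press, navigation, backgrounding) skips the restore. This is an added example, not Smartlook's own code: SensitiveScreenGuard and PinEntryActivity are hypothetical names, and the Smartlook import lines are left out because this guide does not give their package path.

```kotlin
import androidx.appcompat.app.AppCompatActivity
// Imports for Smartlook, RenderingMode and EventTrackingMode are omitted on
// purpose: take the package paths from the SDK version your app uses.

/**
 * Hypothetical helper. Counts the sensitive screens that are currently visible,
 * because Android starts the next Activity before it stops the previous one.
 * Without the counter, the old screen's onStop() would switch recording back
 * on while a second sensitive screen is already on display.
 * Lifecycle callbacks run on the main thread, so no locking is needed.
 */
object SensitiveScreenGuard {
    private var visibleSensitiveScreens = 0

    fun enter() {
        if (visibleSensitiveScreens++ == 0) {
            // Both calls are needed: a blank video alone still shows touch positions.
            Smartlook.setEventTrackingMode(EventTrackingMode.IGNORE_USER_INTERACTION)
            Smartlook.setRenderingMode(RenderingMode.NO_RENDERING)
        }
    }

    fun leave() {
        if (visibleSensitiveScreens == 0) return // unbalanced call, nothing to restore
        if (--visibleSensitiveScreens == 0) {
            // Values used in this guide; substitute your app's preferred modes.
            Smartlook.setRenderingMode(RenderingMode.NATIVE)
            Smartlook.setEventTrackingMode(EventTrackingMode.FULL_TRACKING)
        }
    }
}

/** Hypothetical PIN screen that hosts the custom keyboard. */
class PinEntryActivity : AppCompatActivity() {

    // onStart/onStop bracket the whole time the screen is visible, including
    // while it is paused behind a dialog or in multi-window mode.
    override fun onStart() {
        super.onStart()
        SensitiveScreenGuard.enter()
    }

    override fun onStop() {
        SensitiveScreenGuard.leave()
        super.onStop()
    }
}
```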