Sensitive data hiding

When using native rendering mode, SDK can record sensitive data in your application.

In order to protect user privacy, Smartlook can be configured so that the sensitive data is not recorded.

Smartlook attempts to hide selected sensitive UI element automatically. It can be also instructed to hide or show particular UI components. Alternatively, using one of the wireframe rendering modes records screen in a schematic way, showing no user data. The last possibility is to stop screen capturing altogether by using no rendering mode.

๐Ÿ“˜

Sensitive elements are hidden locally on the device. No sensitive data are transferred over the network and stored in the dashboard.

Blacklisted views

Any view can be hidden in the recording by marking it as a blacklisted view. A specific view can be marked as blacklisted by calling:

Smartlook.registerBlacklistedView(ref: ComponentOrHandle));

If a specific view no longer needs to be blacklisted:

Smartlook.unregisterBlacklistedView(ref);

Blacklisted classes

Note that UITextView, UITextField, WKWebView on iOS and EditText, WebView on Android are blacklisted by default. Specific instances of these classes can be recorded using whitelist.

Whitelisted views

A specific view can be whitelisted so it is recorded even if it is an instance of a blacklisted class:

Smartlook.registerWhitelistedView(ref);

A specific view can be removed from a whitelist by calling:

Smartlook.unregisterWhitelistedView(ref);

Declarative way to handle sensitive views

To simplify handling of sensitive/not sensitive views in React Native we have prepared nice declarative ways to do it.

Using SmartlookSensitiveComponent

You can wrap the component to the SmartlookSensitiveComponent and control, if it's hidden or not with isSensitive prop. Just be sure that you are not passing functional component as children! Eg. wrap it to React.forwardRef first. See the example in example/src/components/Button.tsx.

import { SmartlookSensitiveComponent } from 'smartlook-react-native-wrapper';

// Blacklisting
<SmartlookSensitiveComponent isSensitive={true}>
  <Button title="Blacklisted button" />
</SmartlookSensitiveComponent>

// Whitelisting
<SmartlookSensitiveComponent isSensitive={false}>
  <TextInput
    style={{height: 40}}
    defaultValue="Whitelisted input"
  />
</SmartlookSensitiveComponent>

Using useSmartlookSensitiveRef hook

The another way to handle sensitive views is with useSmartlookSensitiveRef hook.

import { WebView } from 'react-native-webview';
import { useSmartlookSensitiveRef } from 'smartlook-react-native-wrapper';

const isWebViewSensitive = false;
const ref = useSmartlookSensitiveRef<WebView>(isWebViewSensitive);

<WebView ref={ref} source={{ html: "..." }} />

No Rendering

Sometimes the whole screen consists of sensitive data. In these cases it is beneficial to not record any screen data. This can be done by switching to no rendering rendering mode:

Smartlook.setRenderingMode(Smartlook.RenderingMode.NoRendering);

๐Ÿ“˜

SDK provides rendering modes that hide sensitive information by simplifying the rendered screen for recording. This can be advantageous because all user interaction is still being recorded, but all sensitive data are not rendered by design. Read more about rendering modes in conceptual documentation.

๐Ÿšง

Some screens can leak sensitive data even through automatically detected touch events. More about this issue in secure custom keyboard example.

When an application is no longer displaying sensitive data, the screen rendering mode can be set back to the preferred variant:

Smartlook.setRenderingMode(Smartlook.RenderingMode.Native);

WebView blacklisting/whitelisting

When an application has some parts displayed using WebView and these parts should be recorded, then the WebView recording needs to be enabled by adding the given view reference to whitelist:

// The full example can be seen in `example/src/screens/WebViewScreen.tsx`
import { WebView } from 'react-native-webview';
import { useSmartlookSensitiveRef } from 'smartlook-react-native-wrapper';

const isWebViewSensitive = false;
const ref = useSmartlookSensitiveRef<WebView>(isWebViewSensitive);

<WebView ref={ref} source={{ html: "..." }} />

If WebView is being recorded, all sensitive elements on the displayed web page should be marked as sensitive so that they are hidden. This can be done by marking sensitive HTML elements with .smartlook-hide css class:

<div class='smartlook-hide'>
   This will be hidden.
</div>

All inputs are hidden by default except for button and submit types. If some hidden inputs should be recorded they can be marked with .smartlook-show css class:

<input type="text" class='smartlook-show'>