When using native rendering mode, SDK can record sensitive data in your application.
In order to protect user privacy, Smartlook can be configured so that the sensitive data is not recorded.
Smartlook attempts to hide selected sensitive UI element automatically. It can be also instructed to hide or show particular UI components. Alternatively, using one of the wireframe rendering modes records screen in a schematic way, showing no user data. The last possibility is to stop screen capturing altogether by using no rendering mode.
Sensitive elements are hidden locally on the device. No sensitive data are transferred over the network and stored in the dashboard.
Any view can be hidden in the recording by marking it as a blacklisted view. A specific view can be marked as blacklisted by calling:
public static void RegisterBlacklistedObject(object @object)
If a specific view no longer needs to be blacklisted:
A blacklisted view is hidden on recording by a single color rectangle. The color of this rectangle can be configured by calling:
public static void SetBlacklistedItemsColor(float red, float green, float blue);
This is applied for all blacklisted objects.
Note that for convenience, some classes are blacklisted by default:
A specific view can be whitelisted so it is recorded even if it is an instance of a blacklisted class:
public static void RegisterWhitelistedObject(object @object)
A specific view can be removed from a whitelist by calling:
public static void UnregisterWhitelistedObject(object @object)
Sometimes the whole screen consists of sensitive data. In these cases it is beneficial to not record any screen data. This can be done by switching to
NoRendering rendering mode:
SDK provides rendering modes that hide sensitive information by simplifying the rendered screen for recording. This can be advantageous because all user interaction is still being recorded, but all sensitive data are not rendered by design. Read more about rendering modes in conceptual documentation.
Some screens can leak sensitive data even through automatically detected touch events. More about this issue in secure custom keyboard example.
When an application is no longer displaying sensitive data, the screen rendering mode can be set back to the preferred variant:
When an application has some parts displayed using a WebView (
WKWebView on iOS,
WebView on Android) and theese parts should be recorded, then the WebView recording needs to be enabled by removing the respective components from the blacklist:
WebView is being recorded, all sensitive elements on the displayed web page should be marked as sensitive so that they are hidden. This can be done by marking sensitive HTML elements with
.smartlook-hide css class:
<div class='smartlook-hide'> This will be hidden. </div>
All inputs are hidden by default except for
submit types. If some hidden inputs should be recorded they can be marked with
.smartlook-show css class:
<input type="text" class='smartlook-show'>