Tomáš Soukal provides an in-depth guide on how to block screenshots, screen recording, and remote access tools in Android, Flutter, React Native, and iOS apps.
Last updated
Was this helpful?
Ever felt embarrassed after accidentally leaking your account balance, private messages, or personal photos and videos? As app developers, we’re often tasked with preventing such privacy breaches. Fortunately, implementing the right countermeasures is simpler than you think—and I’ll show you how.
For Your Eyes Only isn’t just a catchy phrase—it’s rooted in espionage history and made famous by the 1981 James Bond film. Originally used to label highly classified documents intended solely for authorized eyes, it perfectly captures the essence of protecting user data in mobile apps. When it comes to your users’ sensitive information, it truly should be for their eyes only.
Let’s explore a few common mobile app scenarios where you might want to enhance privacy and security:
Hide Everything: Protect highly sensitive content like health reports, password screens, account balances, recent transactions, and browsing history.
View, But Don’t Share: In galleries, stories, and dating apps, guard against unauthorized sharing by blocking screenshots and screen recording.
Leakage Awareness: Notify users if someone takes a screenshot of their stories, reels, or other ephemeral content.
Combat Social Engineering & Phishing: Block remote access tools like TeamViewer or AnyDesk to prevent attackers from stealing data or tricking users in phishing scams.
Screenshot & Device built-in Screenshot and Recording apps
Default system apps on many devices
Global data leakage
Remote Desktop Control Apps
Social engineering, global data leakage
Chromecast / Miracast screen sharing apps
Local data leakage
Third Party Screenshot & Recording apps
Global data leakage
ADB Video Stream / Control
Local data leakage
ADB Screenshot
adb exec-out screencap -p > screen.png
Global data leakage
Talsec provides comprehensive protection against all listed categories of screen capture apps, ensuring your app’s content remains secure. All previosly listed categories can be blocked, with the screen appearing black in screenshots, recordings, or casting.
To easily implement this protection, simply use the Talsec.blockScreenCapture(this, true) method within your application.
The protected application will display as a blank (black) screen in screenshots, screen recordings, screen casting, or when accessed through remote access tools like TeamViewer.
Screenshot Detection can be integrated by implementing onStart() and onStop() in the Activity class. Talsec is notified about the screenshot through Talsec.onScreenshotDetected(). This is returned to the application via the onScreenshotDetected() callback and processed further in the SDK.
Our RASP provides convenient callback method:
To integrate it you will need to integrate it into your Activity:
Screenshot Detection requires target Android SDK at least 34 (Android 14, API Level 34, Upside Down Cake).
Screen Recording can be integrated by implementing onStart() and onStop() in the Activity class. Talsec is notified about the screenshot through Talsec.onScreenRecordingDetected(). This is returned to the application via the onScreenRecordingDetected() callback and processed further in the SDK.
Our RASP provides convenient callback method:
To integrate it you will need to integrate it into your Activity:
Screen Recording Detection requires target Android SDK at least 35 (Android 15, API Level 35, Vanilla Ice Cream).
For businesses looking to implement more complex, customizable security solution RASP+ provides advanced features that go beyond simple threat detection. With built-in reactions, MalwareDetection, Overlay Detection, and Accessibility Services Misuse Detection, businesses can create a comprehensive defense strategy. Additionally, incidents such as screenshots and screen recording attempts are recorded in logging data, enabling thorough tracking.
written by Tomáš Soukal
Penetration Testing Defense: Skilled testers often use remote access tools to demonstrate data leakage vulnerabilities—make this an impossible win by securing against RAT exploits. Check OWASP Mobile Security Standard requirement.
,
,
,
At Talsec, we set out to solve this problem elegantly by introducing three simple methods to tackle it effectively. You will find them both in the and RASP+ on all supported platforms (Android, Flutter, React Native, Capacitor, Cordova, iOS).
To effectively block all screen capture threats, both free and business approaches can be used depending on your security needs. For those seeking a cost-effective solution, and offer foundational protection. These tools can block basic screen capture threats while incorporating malware detection technologies to uncover Remote Access Tools (RATs) by searching for package names and risky permissions. This provides a robust initial layer of security without the need for a premium plan.
Tomáš Soukal is a Senior Mobile Security Developer, OWASP MAS contributor, and Product Owner of Talsec RASP, specializing in app hardening and mobile security. When he's not crafting secure code, you can find him owning the dance floor as an avid dancer.