# How to Detect Screen Capture & Recording using Kotlin Screenshots and screen recordings may seem harmless, but in sensitive apps (banking, fintech, healthcare, messaging), they can expose confidential user data. Luckily, modern tools make it possible to detect and respond to these risks effectively.

### What is Screen Capture & Recording? Screen capture/recording refers to when users take screenshots or record your app’s screen. While capturing itself doesn’t impose threat, malicious actors can exploit it to steal sensitive information. Attackers often use: * **Built-in Android screenshots/recording** tools * **Third-party screen recorder apps** * **Malware** that captures the screen without consent {% hint style="warning" %} Don't forget about possibility to take photo of a phone screen in real life. {% endhint %} ### Statistics This problem is not as insignificant, as it looks like. Our data shows, that around 1.5% of devices on which screenshot was detected; and 0.1% where recording was detected.

Global Threat Rate for Screenshot (source my.talsec.app)

Global Threat Rate for Screen Recording (source my.talsec.app)

{% hint style="success" %} More actual global data can be found at [Talsec portal](https://my.talsec.app/). {% endhint %} ## How to Detect Screen Capture/Recording? Detecting screen capture is tricky, since Android doesn’t offer a universal system-level API for all cases. DIY methods (like flagging windows with `FLAG_SECURE`) work only partially and can break user experience. To provide reliable and strong detection, it's good idea to use specialised, continuously updated SDKs. These can provide: * Newly updated detection techniques * Deeper check of device * Nice API for end developer to interact with, rather than reinventing a wheel #### **freeRASP (by Talsec)** * Strong screenshot and screen recording detections * Actively maintained ([changelog](https://docs.talsec.app/freerasp/whats-new-and-changelog)) * Comes with [14 extra detections](https://docs.talsec.app/freerasp/wiki/threat-detection) like app integrity, Frida and hooking, emulators, debugging, screenshots, etc. * Used by 6000+ apps; #1 Mobile RASP SDK by popularity ([link](https://42matters.com/sdk-analysis/top-security-and-privacy-sdks#talsec)) #### **Integration Example** Add the [freeRASP](https://app.gitbook.com/s/Q2PxZTOjhquOxcxftTrm/freerasp/introduction) in your project, focus on implementing the following callback: ```kotlin Talsec.start(applicationContext) override fun onScreenshotDetected() { Log.w("freeRASP", "Screenshot detected!") // Optionally block sensitive actions or warn the user } override fun onScreenRecordingDetected() { Log.w("freeRASP", "Screenshot detected!") // Optionally block sensitive actions or warn the user } ``` #### Commercial Alternatives When evaluating mobile app security and Runtime Application Self-Protection (RASP), developers often compare various Talsec alternatives to find the right fit for their architecture. The "right choice" depends on the specific problem you need to tackle and which vendor offers the best **bang for your buck**. The market is diverse, offering different philosophical approaches to protection. Talsec prioritizes top-tier root detection and a balanced security SDK portfolio covering the most popular attack vectors. Meanwhile, some vendors specialize primarily in heavy code obfuscation and compiler-based hardening, while others focus on a drag-and-drop (no-code) integration experience for DevOps-oriented teams. There are also solutions dedicated specifically to API security, active cloud hardening, enterprise compliance, or gaming protection. The most prominent providers alongside **Talsec** include **Guardsquare**, **Appdome**, **Promon**, **Build38**, **Approov**, and **AppSealing**. {% hint style="success" %} Handle App Security with a Single Solution! Check Out Talsec's Premium Offer & Plan Comparison!
#### Apps Security Threats Report 2025 #### Plans Comparison #### Premium Products: * [RASP+](https://app.gitbook.com/s/xFHPMAbn16uoDyOtoiaC/product/rasp) - An advanced security SDK that actively shields your app from reverse engineering, tampering, rooting/jailbreaking, and runtime attacks like hooking or debugging. * [AppiCrypt](https://docs.talsec.app/premium-products/product/appicrypt) (Android & iOS) & [AppiCrypt for Web](https://app.gitbook.com/s/xFHPMAbn16uoDyOtoiaC/product/appicryptweb) - A backend defense system that verifies the integrity of the calling app and device to block bots, scripts, and unauthorized clients from accessing your API. * [Malware Detection](https://docs.talsec.app/premium-products/product/malware-detection) - Scans the user's device for known malicious packages, suspicious "clones," and risky permissions to prevent fraud and data theft. * [Dynamic TLS Pinning](https://docs.talsec.app/premium-products/product/app-hardening#about-dynamic-tls-pinning) - Prevents Man-in-the-Middle (MitM) attacks by validating server certificates that can be updated remotely without needing to publish a new app version. * [Secret Vault](https://docs.talsec.app/premium-products/product/app-hardening#about-secret-vault) - A secure storage solution that encrypts and obfuscates sensitive data (like API keys or tokens) to prevent them from being extracted during reverse engineering. {% endhint %}