# Permissive Screenshot option set

## Overview

* **Rule ID**: `java_android_prevent_screenshot`
* **Applicable Languages**: Java
* **Weakness ID**: CWE-200

## Description

The Android operating system can capture screenshots of the current application view, even when the app is minimized. Whether a window may be captured is governed by the FLAG\_SECURE window flag. If FLAG\_SECURE is not set, Android allows screenshots that may capture potentially sensitive information.

## Risks

Android apps that do not set **FLAG\_SECURE** can have sensitive user data inadvertently captured and exposed through screenshots, potentially compromising privacy and security.

## Remediation Guidelines

Ensure the **FLAG\_SECURE** window flag is set in your Android application to prevent the system from capturing screenshots of your app's activities. This is essential for safeguarding potentially sensitive information from being captured and stored in screenshots.

```java
// Call from the Activity, typically in onCreate() before setContentView().
getWindow().setFlags(WindowManager.LayoutParams.FLAG_SECURE, WindowManager.LayoutParams.FLAG_SECURE);
```
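The following is an added example, not code from the original rule page, showing the remediation applied in context. It assumes a hypothetical `AccountDetailsActivity` that displays a constructed sample value; the activity and dialog names are illustrative. Two points it makes beyond the one-line fix: a `Dialog` has its own `Window`, so the activity's flag does not carry over and must be set on the dialog separately, and the flag state can be read back from the window attributes, which is useful as a check in instrumentation tests. FLAG_SECURE also blocks screen recording and display on non-secure (e.g. cast) screens, so the same flag covers those paths.

```java
import android.app.Activity;
import android.app.Dialog;
import android.os.Bundle;
import android.view.Window;
import android.view.WindowManager;
import android.widget.TextView;

/** Hypothetical screen that shows account data and must never be captured. */
public class AccountDetailsActivity extends Activity {

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        // Set the flag before any sensitive view is attached, so no frame
        // containing account data is ever eligible for capture.
        secureWindow(getWindow());

        TextView view = new TextView(this);
        view.setText("Account number: 0000-0000 (constructed sample)");
        setContentView(view);
    }

    /** Apply FLAG_SECURE to any Window (activity or dialog). */
    static void secureWindow(Window window) {
        window.setFlags(WindowManager.LayoutParams.FLAG_SECURE,
                        WindowManager.LayoutParams.FLAG_SECURE);
    }

    /** Read the flag back; handy as an assertion in instrumentation tests. */
    static boolean isSecure(Window window) {
        int flags = window.getAttributes().flags;
        return (flags & WindowManager.LayoutParams.FLAG_SECURE) != 0;
    }

    /**
     * Dialogs create their own Window, so the activity's FLAG_SECURE does not
     * apply to them. A dialog that shows sensitive data needs the flag too.
     */
    Dialog buildSensitiveDialog() {
        Dialog dialog = new Dialog(this);
        Window w = dialog.getWindow(); // may be null before the dialog is created
        if (w != null) {
            secureWindow(w);
        }
        return dialog;
    }
}
```

In an instrumentation test, launching the activity and asserting `AccountDetailsActivity.isSecure(activity.getWindow())` catches regressions where a refactor drops the flag, and the same check on `buildSensitiveDialog().getWindow()` covers the dialog path.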

## References

* [**CWE-200: Exposure of Sensitive Information to an Unauthorized Actor**](https://cwe.mitre.org/data/definitions/200.html)
* [**A01:2021 - Broken Access Control**](https://owasp.org/Top10/A01_2021-Broken_Access_Control/)

## Configuration

To omit this rule during a scan, or to set up continuous 24/7 code-level scanning, you can use our [**SAST TOOL**](https://scopy.sec1.io/login).
