How to programmatically detect if any screen recording process/app is running in Android?

Question

I don't want users to take screenshot or record screen of my app. I have added secure flag to the window. This prevents user from taking screenshots and recording screen.

If the screen recording is on, my app prevents the content from being recorded but the audio gets recorded.

On some rooted devices, the secure flags may not work as expected. So I just want to detect if any screen recording app/process is running in background so that I can hide sensitive data and prevent it from being recorded.

Is there any way I can detect if the screen recording is on?

Answer 1

For Android 15+ devices there is a new API to detect screen recording.

val mCallback = Consumer<Int> { state ->
  if (state == SCREEN_RECORDING_STATE_VISIBLE) {
    // We're being recorded
  } else {
    // We're not being recorded
  }
}

override fun onStart() {
   super.onStart()
   val initialState =
      windowManager.addScreenRecordingCallback(mainExecutor, mCallback)
   mCallback.accept(initialState)
}

override fun onStop() {
    super.onStop()
    windowManager.removeScreenRecordingCallback(mCallback)
}

Taken from https://developer.android.com/about/versions/15/features#screen-recording-detection

Answer 2

I think there is one way you detect screen recording on or off by DisplayManager.DisplayListener

Here is my code:

val listener = object : DisplayManager.DisplayListener {

        override fun onDisplayChanged(displayId: Int) {
               Log.d("test","1")
           //it detect something chnage in screen 
           //you can mute it from here

        }

        override fun onDisplayAdded(displayId: Int) {
         Log.d("test","2")
             //you can mute it to here from
             

        }

        override fun onDisplayRemoved(displayId: Int) {
                    Log.d("test","3")
                    //final here you can unMute it 
            }
    

Answer 3

As @CommonsWare said there is no way

of knowing particular apps or processes that are using the media projection API, this seems impractical.

However you can use the FLAG_SECURE like so.

getWindow().setFlags(LayoutParams.FLAG_SECURE, LayoutParams.FLAG_SECURE); 

as stated in the docs here.

Answer 4

The answer here is really just general for security. Once data flows to someone's device then you must assume that they can get full, unrestricted access to it. Everything else is in some sense just obfuscation. It is just making it a little more difficult at best. Even if the device's software provides some protection, the user has physical access to the device and can root it. At some point data has to be unencrypted and deobfuscated, so that it can be shown to the user and a malicious user can MITM that. If you want better security then it needs to be provided by the device via hardware. This was a big issue with movies being streamed to mobile devices at first. Device's needed a special hardware encrypted channel that decrypts to some ungodly amount of data per second making it difficult to write back to a disk if someone tried to MITM the unencrypted data on it's way to the screen.

Now the above is just to show that it is impossible to guarntee that you can control the data when it goes to a user's device. Instead, you should take a step back and ask what you are trying to accomplish? What type of behavior are you trying to prevent? If a small number of technically savvy users are able to workaround your protections, is that okay or a big deal? What is an acceptable rate of data "leaking". This really depends on how sensitive the data is and what type of guarantee you are telling users you have over it. This aspect is 100% the most critical part. If you are telling users that the data they sent is guaranteed to be ephemeral then that is impossible. Trying to build that and patch all the holes and play the whack a mole game is a losing battle. The only way to win is not to play.