Comments (21)
I don't know.
FWIW, I think that the users should always be able to take screenshots or videos of ther screen (it's their own device). It's ok that app developers provide a hint that some screen should not be captured by default, but device users should always have the possibility to easily bypass this setting. (I know that this is not the current trend from Google or others.)
from scrcpy.
Any updates on this issue? Is there any possibility to bypass it?
You can bypass it by decompiling the APK, disabling FLAG_SECURE for the main view, and recompiling the APK back.
It is very easy to do using "APKLab" extension for Visual Studio Code.
- Open APK using APKLab, it decompiles it into a folder structure with smali files
- in the resulting folder structure search for RegExp android/view/Window;->(set|add)Flag
- Ignore all occurrences in androidx/* or any third-party namespaces
- find (usually only one per app) occurrence that is preceded by setting register to 0x2000 like this:
.line 143
invoke-virtual {p0}, Landroid/app/Activity;->getWindow()Landroid/view/Window;
move-result-object v0
const/16 v1, 0x2000
# invoke-virtual {v0, v1, v1}, Landroid/view/Window;->setFlags(II)V
- comment out whole line calling addFlag/setFlags (as shown above)
- rebuild&sign APK back by right clicking on the "apktool.yml" file and clicking "APKLab: Rebuild the APK"
- install the APK on your device
- enjoy
This approach has been tested on both RSA Authenticator and MS Athenticator apps running on Android 12.
from scrcpy.
Since I added an entry in the FAQ, I'm closing.
from scrcpy.
Now you can (on
dev
branch): 1fdde49
After Testing SafeInCloud
and Enpass
, I can confirm that it works.
from scrcpy.
Very great, thanks for fixing! I now can finally see the password field for paypal on my phone with broken screen ❤️
from scrcpy.
Now you can (on dev
branch): 1fdde49
from scrcpy.
In order to make a banking app work on a rooted device, you just have to add it to Magisk's DenyList.
from scrcpy.
Hello,
Rooted users can bypass FLAG_SECURE
using this LSPosed plugin.
Just tested it successfully.
Thanks
from scrcpy.
Root users may also use this fork which simply runs the scrcpy-server as the system user: #3049 (comment)
from scrcpy.
You can disable it in Silence settings → Privacy → Screen security.
Strangely enough, LineageOS's built-in screen recording app captures these applications without problems.
They probably modified the feature in the ROM, because on AOSP, even screenrecord
do not display the screen content.
from scrcpy.
I really enjoy using scrcpy. I think that it's a great product. Unfortunately I am having the black screen issue mentioned above on some specific apps. I am new to coding so I apologize. I was wondering if someone could explain more in details how you fixed the issue so that I can do it myself.
Thanks for the help!
from scrcpy.
The apps which remain black could not be mirrored with scrcpy (some drm prevent it to be captured).
from scrcpy.
Thank you. Great app.
from scrcpy.
@rom1v Do you know if an app is able to detect the case when an app such as scrcpy
is pretending to be a secure display even though it's not?
The problem I have is that scrcpy
allows taking screenshots and screen recordings, even though it pretends to be a secure screen, which creates a security vulnerability.
Furthermore, even if scrcpy
filtered out protected content from screenshots and recordings, it would be possible to record the whole screen on the computer, unless scrcpy
would filter that too.
But even then, anybody could build scrcpy
from source as it is currently and use it to take screenshots of content that was supposed to be protected. So do you know if it's possible to detect "fake" secure displays?
(I know that it's always possible to take a photo of the phone with an ordinary camera, but I don't need to worry about that, I just need to prevent taking screenshots)
from scrcpy.
I am having the same issue again with some banking app, which prevents taking screenshots too. I am using android 12. Tried the latest dev branch.
from scrcpy.
any update onhow to bypass that? some Bank app are black..even on v 1.23
thanks for help
from scrcpy.
It's not possible on Android >= 12. See #2129
from scrcpy.
Any updates on this issue? Is there any possibility to bypass it?
from scrcpy.
Not since Android 12 #2129.
from scrcpy.
Addendum to @CoolSpot's comment for Duo Mobile
From grepping android/view/Window;->(set|add)Flag
I got five hits. None of them were prefixed with 0x2000. They were prefixed with other register addresses.
I just commented out all of them and it worked like a charm.
from scrcpy.
Root users may also use this fork which simply runs the scrcpy-server as the system user: #3049 (comment)
Is there a non root version for some apps which do not run on rooted devices such as banking apps. Editing the banking app apk to remove the secure flag as suggested above does not seem advisable.
from scrcpy.
Related Issues (20)
- Perfect Pixel (alt+g) not working properly. HOT 3
- ERROR: Could not find any ADB device ERROR: Server connection failed USB debugging enabled HOT 5
- ERROR: Could not find any ADB device ERROR: Server connection failed USB debugging enabled
- The camera cannot be used in IQOO 11S HOT 1
- No audio forwarding on Android 12 HOT 8
- Fail to remotely use scrcpy from MacOS to access the Pixel device connected with Ubuntu host HOT 2
- Enter on Numpad HOT 1
- problème pour contrôler avec la souris HOT 4
- Why tcpip wireless connection gets revoked after a while? HOT 3
- Corrupted screen HOT 1
- Re-setup everytime run 2.3 and 2.4 HOT 3
- Input only via tcpip HOT 2
- Not able use the mouse clicks(left) to navigate through the phone HOT 5
- Requires the ability to pause streaming HOT 4
- Accessing Android work-profile apps HOT 2
- scrcpy killing itself for no reason HOT 3
- Manual installation instructions HOT 5
- OBS unable capture scrcpy audio when --no-video option is used HOT 4
- Question: Why was avcodec and avformat dll file size was big in versions prior to 2.0? HOT 2
- Mic
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from scrcpy.