忽略APP截屏缓存

为了在交互方面提供可视的过度效果,iOS截取app当前界面,并把它保存在了 the device NAND flash中.这也会引起另外一个问题: app正在运行时,这时点击home键,或者来了个电话,或者其他操作导致,当前app挂起到后台.此时系统会截取当前屏幕的快照,如果快照中保存着用户的关键隐私信息(姓名,地址,银行卡等信息).如果你再次双加home键时你会看到,当前的截图信息.这会造成不必要的信息泄漏.

解决方法:

为了保存用户意思隐私采用如下办法:
1.在当前控制器中注册通知观察者:

 [[NSNotificationCenter defaultCenter] addObserver:self
                                             selector:@selector(didReceiveBackgroundingNotification:)
                                                 name:UIApplicationWillResignActiveNotification
                                               object:nil];
 [[NSNotificationCenter defaultCenter] addObserver:self
                                             selector:@selector(didReceiveForegroundingNotification:)
                                                 name:UIApplicationDidBecomeActiveNotification
                                               object:nil];

//通知触发方法实现:(在系统截屏之前)添加自定义视图

- (void)applicationDidEnterBackground:(UIApplication *)application
{

        UIImageView *imageView = [[UIImageView alloc] initWithFrame:self.window.bounds];

        imageView.tag = 101;    // Give some decent tagvalue or keep a reference of imageView in self
    //    imageView.backgroundColor = [UIColor redColor];
        [imageView setImage:[UIImage imageNamed:@"Default.png"]];   // assuming Default.png is your splash image's name
//这里的image可以获取当前的截图进行模糊化处理(以后会补充demo,也就是别人的拿来用0.0;),此处只是加载了一张默认图   [UIApplication.sharedApplication.keyWindow.subviews.lastObject addSubview:imageView];
}

- (void)applicationWillEnterForeground:(UIApplication *)application
{
    UIImageView *imageView = (UIImageView *)[UIApplication.sharedApplication.keyWindow.subviews.lastObject viewWithTag:101];   // search by the same tag value
    [imageView removeFromSuperview];

}

英文原文:

In order to provide the visual transitions in the interface, iOS has been proven to capture and store snapshots (screenshots or captures) as images stored in the file system portion of the device NAND flash. This occurs when an application suspends (rather than terminates), when either the home button is pressed, or a phone call or other event temporarily suspends the application. These images can often contain user and application data. In one published case, they contained the user’s full name, DOB, address, employer, and credit scores

Remediation

To protect sensitive data, block caching of application snapshots using API configuration or code.

When applicationDidEnterBackground: method returns, the snapshot of the application user interface is taken, and it’s used for transition animations and stored in the filesystem. This method should be overridden and all the sensitive information in the user interface should be removed before it returns. This way the snapshot will not contain them.

参考:

1.文章:[AVOID CACHED APPLICATION SNAPSHOTS][1]
[1]:https://www.nowsecure.com/resources/secure-mobile-development/ios/avoid-cached-application-snapshots/
2.银行卡扫描库:CardIOPaymentViewController.m中自动模糊截屏,[card.io-iOS-source][2]
[2]:https://github.com/card-io/card.io-iOS-source