Skip to content

Clipboard Protection

Preventing the ability to copy or paste content may be required for applications that handle confidential or sensitive data, where it is therefore important to prevent data from crossing the application boundary through user actions or via a clipboard. Also, even when malware is not able to penetrate an application, it could still possibly read the contents of the clipboard to potentially steal the data.

The mobile services has integrated the ClipboardManager API to access and manage the system clipboard. After clipboard protection is enabled on the server, the developer can add the ClipboardProtectionService instance to the SDKInitializer.start method. Then, it will handle the primary clip data stored in the clipboard to ensure that the data copied or cut from outside will not be pasted inside a protected application and vice-versa.

ClipboardProtectionService takes one optional argument in the constructor to indicate whether to enable protection before retrieving the signal from the server. By default, it will be disabled.

val services = mutableListOf<MobileService>()
services.add(ClipboardProtectionService(initClipboardProtectionEnabled = true))
SDKInitializer.start(this, * services.toTypedArray())

Note

For Samsung devices with an Android version lower than 12, when entering the app from outside, it will paste " " when protection enabled. When Gboard's clipboard is turned on in Pixels (or something similar on other devices), recently copied or cut content will be displayed in the clipboard and protection will be bypassed.

Enhancement (Jetpack Compose)

In a Jetpack Compose environment (as opposed to the View-Based environment), recently copied or cut internal data will not appear in the clipboard history list. However, for external apps, the copied or cut content will still be displayed in the clipboard history list, and users can paste it directly by clicking on it. Currently, there is no way to prevent this behavior.

To achieve this, besides adding the ClipboardProtectionService instance to the SDKInitializer.start method, you have to use sdkClipboardManager provided by ClipboardProtectionService as a localClipboardManager as shown in the following example. Make sure you convert sdkClipboardManager to androidx.compose.ui.platform.ClipboardManager first:

setContent {
    FlowComposeTheme {
        // Make sure you import `androidx.compose.ui.platform.ClipboardManager`.
        val localClipboardManager =
            clipboardProtectionService?.let {
                it.sdkClipboardManager as ClipboardManager
            } ?: LocalClipboardManager.current
        CompositionLocalProvider(
            LocalClipboardManager provides localClipboardManager
        ) {
            //Add your code
        }
    }
}

This block of code is added to the onCreate method and the sdkClipboardManager will protect any screens contained by CompositionLocalProvider.

Clipboard Protection for WebView

You need to customize the WebView to enable the protection enhancement. For example:

@Composable
fun CustomWebView(url: String) {
    val clipboardProtectionService = SDKInitializer.getService(ClipboardProtectionService::class)
    AndroidView(
        factory = { context ->
            WebView(context).apply {
                // Make sure JavaScript is enabled.
                settings.javaScriptEnabled = true
                webViewClient = object : WebViewClient() {
                    override fun onPageFinished(view: WebView, url: String) {
                        super.onPageFinished(view, url)
                        // Inject JavaScript code supplied by ClipboardProtectionService.
                        clipboardProtectionService?.let {
                            evaluateJavascript(it.getJavaScriptCodeForWebView(), null)
                        }
                    }
                }
                // Make sure the injected JavaScript code above can invoke the functions from ClipboardProtectionService.
                clipboardProtectionService?.let { addJavascriptInterface(it.JsWebInterface(), ClipboardProtectionService.JS_FUNC_ACCESS_NAME) }
                loadUrl(url)
            }
        }
    )
}

ClipboardProtectionService provides JavaScript code for WebView to support the clipboard protection enhancement. You can place your own JavaScript code in the onPageFinished method before evaluateJavascript is invoked. Then concatenate the JavaScript code together as a whole string and pass it into evaluateJavascript to enable the clipboard protection enhancement.


Last update: August 7, 2024