Clipboard Protection¶
Restricting copy and paste functionality may be necessary for applications that handle confidential or sensitive data. This ensures that data does not leave the application through user actions or through a malicious app that reads the clipboard. Even if malware cannot break into an application, it can still read the clipboard content and steal data.
Once clipboard protection is enabled on the server, you can add the ClipboardProtectionService instance to the SDKInitializer.start method. This ensures that data copied or cut within a protected application cannot be pasted into external applications. It also ensures that content from external applications cannot be pasted into the protected application.
The ClipboardProtectionService constructor accepts an optional argument to enable protection before receiving the signal from the server. By default, this feature is disabled.
val services = mutableListOf<MobileService>()
services.add(ClipboardProtectionService(initClipboardProtectionEnabled = true))
SDKInitializer.start(this, * services.toTypedArray())
Currently, clipboard protection supports only text, not images or other formats. For View-Based apps, no additional configuration is required.
Note
Content copied or cut from external apps will still appear in the clipboard history list, allowing users to paste it directly by clicking on it. Currently, there is no way to prevent this behavior.
Additionally, starting with SDK V25.4.0, clipboard protection will not work on View-Based apps for Samsung devices running on Android 11 or lower, as users can bypass the protection using the clipboard history.
Clipboard Protection for Jetpack Compose Based Apps¶
In a Jetpack Compose environment, in addition to adding the ClipboardProtectionService instance to the SDKInitializer.start method, you must use sdkClipboard provided by ClipboardProtectionService as a localClipboard. Note that sdkClipboardManager is deprecated since SDK V26.4.0, and LocalClipboardManager is deprecated as well. The following example shows how. Ensure you convert sdkClipboard to androidx.compose.ui.platform.Clipboard first:
setContent {
FioriHorizonTheme {
// Make sure you import `androidx.compose.ui.platform.Clipboard`.
val localClipboard =
SDKInitializer.getService(ClipboardProtectionService::class)?.sdkClipboard as? Clipboard
?: LocalClipboard.current
CompositionLocalProvider(
LocalClipboard provides localClipboard
) {
// Add your code
}
}
}
Note
The sdkClipboard works only for composable views. Starting with SDK V24.12.0, if your project uses the flows-compose library and the FlowComposeTheme, you no longer need to implement the localClipboard logic because it is already included in FlowComposeTheme.
setContent {
FlowComposeTheme {
// Add your code
}
}
The code above is added to the onCreate method, and the sdkClipboard will protect any screens contained within the CompositionLocalProvider.
Clipboard Protection for WebView in Compose-Based Apps¶
For Jetpack Compose-based apps, you need to customize the WebView to enable clipboard protection. For example:
@Composable
fun CustomWebView(url: String) {
val clipboardProtectionService = SDKInitializer.getService(ClipboardProtectionService::class)
AndroidView(
factory = { context ->
WebView(context).apply {
// Make sure JavaScript is enabled.
settings.javaScriptEnabled = true
webViewClient = object : WebViewClient() {
override fun onPageFinished(view: WebView, url: String) {
super.onPageFinished(view, url)
// Inject JavaScript code supplied by ClipboardProtectionService.
clipboardProtectionService?.let {
evaluateJavascript(it.getJavaScriptCodeForWebView(), null)
}
}
}
// Make sure the injected JavaScript code above can invoke the functions from ClipboardProtectionService.
clipboardProtectionService?.let { addJavascriptInterface(it.JsWebInterface(), ClipboardProtectionService.JS_FUNC_ACCESS_NAME) }
loadUrl(url)
}
}
)
}
The ClipboardProtectionService provides JavaScript code for WebView to support clipboard protection. To add your own JavaScript code, combine it with the provided code into a single string, placing your code before the provided code. Then pass the combined string to evaluateJavascript in the onPageFinished method.
Note
For Samsung devices running on Android 11 or lower, if the content of WebView (in Compose-Based apps) contains IFrames, clipboard protection will not work on the IFrames.