Clipboard Protection¶
Restricting the ability to copy or paste content may be necessary for applications that handle confidential or sensitive data. This ensures that data does not cross the application boundary through user actions or via the clipboard. Even if malware cannot penetrate an application, it could still potentially read the clipboard's content and steal data.
The mobile services integrates the ClipboardManager API to access and manage the system clipboard. Once clipboard protection is enabled on the server, developers can add the ClipboardProtectionService instance to the SDKInitializer.start method. This ensures that data copied or cut within a protected application cannot be pasted into external applications, and vice versa.
The ClipboardProtectionService constructor accepts an optional argument to enable protection before receiving the signal from the server. By default, this feature is disabled.
val services = mutableListOf<MobileService>()
services.add(ClipboardProtectionService(initClipboardProtectionEnabled = true))
SDKInitializer.start(this, * services.toTypedArray())
Currently, clipboard protection supports only text, not images or other formats. For View-Based apps, no additional configuration is required.
Note
Content copied or cut from external apps will still appear in the clipboard history list, allowing users to paste it directly by clicking on it. Currently, there is no way to prevent this behavior.
Additionally, starting with SDK V25.4.0, clipboard protection will not work on View-Based apps for Samsung devices running on Android 11 or lower, as users can bypass the protection using the clipboard history.
Clipboard Protection for Jetpack Compose Based Apps¶
In a Jetpack Compose environment (as opposed to the View-Based environment), in addition to adding the ClipboardProtectionService instance to the SDKInitializer.start method, you must use the sdkClipboardManager provided by ClipboardProtectionService as a localClipboardManager. The following example demonstrates this. Ensure you convert sdkClipboardManager to androidx.compose.ui.platform.ClipboardManager first:
setContent {
FioriHorizonTheme {
// Make sure you import `androidx.compose.ui.platform.ClipboardManager`.
val localClipboardManager =
SDKInitializer.getService(ClipboardProtectionService::class)?.sdkClipboardManager as? ClipboardManager
?: LocalClipboardManager.current
CompositionLocalProvider(
LocalClipboardManager provides localClipboardManager
) {
// Add your code
}
}
}
Note
The sdkClipboardManager works only for composable views. Starting with SDK V24.12.0, if your project uses the flows-compose library and the FlowComposeTheme, you no longer need to implement the localClipboardManager logic, as it is already included in FlowComposeTheme.
setContent {
FlowComposeTheme {
// Add your code
}
}
This block of code is added to the onCreate method, and the sdkClipboardManager will protect any screens contained within the CompositionLocalProvider.
Clipboard Protection for WebView in Compose-Based Apps¶
For Jetpack Compose-based apps, you need to customize the WebView to enable clipboard protection. For example:
@Composable
fun CustomWebView(url: String) {
val clipboardProtectionService = SDKInitializer.getService(ClipboardProtectionService::class)
AndroidView(
factory = { context ->
WebView(context).apply {
// Make sure JavaScript is enabled.
settings.javaScriptEnabled = true
webViewClient = object : WebViewClient() {
override fun onPageFinished(view: WebView, url: String) {
super.onPageFinished(view, url)
// Inject JavaScript code supplied by ClipboardProtectionService.
clipboardProtectionService?.let {
evaluateJavascript(it.getJavaScriptCodeForWebView(), null)
}
}
}
// Make sure the injected JavaScript code above can invoke the functions from ClipboardProtectionService.
clipboardProtectionService?.let { addJavascriptInterface(it.JsWebInterface(), ClipboardProtectionService.JS_FUNC_ACCESS_NAME) }
loadUrl(url)
}
}
)
}
The ClipboardProtectionService provides JavaScript code for WebView to support clipboard protection. You can add your own JavaScript code in the onPageFinished method before invoking evaluateJavascript. Concatenate your JavaScript code with the provided code as a single string and pass it to evaluateJavascript.
Note
For Samsung devices running on Android 11 or lower, if the content of WebView (in Compose-Based apps) contains IFrames, clipboard protection will not work on the IFrames.