xamarin

Smart Security Features in Cross Platform Apps using Xamarin

Abstract

Over thousands of mobile apps are released everyday but only few of them are implemented with security features which are worthy if implemented in transactional apps .This article will give you a description of these enhanced security features that can be implemented in hybrid apps using Xamarin for both Android and iOS.

Introduction

It comes with lot of challenges while developing cross platforms apps when it requires to implement security inside app say blocking screen shots, blocking copy/paste or hiding apps transactional pages when app is in background.. As you all know Android apps and iOS apps behaves differently to incorporate security. Apple’s iOS is considered to be the most secure as compared to Android. Moreover all iOS apps go through a scrutinised review process performed by Apple core team before being published on iTunes. Unfortunately this does not guarantee that all iOS apps are completely secure as this process does not ensure custom security features developed in apps. Enhanced security features that can be implemented in hybrid apps using Xamarin are described in this article.

Blocking COPY/PASTE feature from editable fields in App:

Though, labels are already static fields so nothing can be copied from a Label. To block copy and paste function from an entry field, developer needs to write different renderer natively for entry fields in both iOS and Android.

Android:

In OnElementChanged method, add the following line of code.
Control.CustomSelectionActionModeCallback = new EditActionModeCallback(CurrentActivity);
This Callback customizes the text selection menu by removing Select All and adding some styling actions. Now make a class named EditActionModeCallback for customizing various actions, here is an example of blocking text selection-
public class EditActionModeCallback : Java.Lang.Object, ActionMode.ICallback
{
Activity context;
public EditActionModeCallback(Activity context)
: base() {
this.context = context; }
public bool OnActionItemClicked(ActionMode mode, IMenuItem item) {
return false; }
public bool OnCreateActionMode(ActionMode mode, IMenu menu) {
return false; } }

iOS:

In EntryRenderer for iOS call the override method CanPerform for blocking text selection and text pasting in Entry.
public override bool CanPerform(Selector action, NSObject withSender)
{
NSOperationQueue.MainQueue.AddOperation(() => {
UIMenuController.SharedMenuController.SetMenuVisible(false, false); });
return base.CanPerform(action, withSender); }

If you want to block text selection from WebView then you will need to put your html content in div where style would be 'user-select:none;' This can be implemented in the following way:- HtmlWebViewSource htmlWebViewSource = new HtmlWebViewSource();
htmlWebViewSource.Html = @"
 + description + "";}

Blocking Screen Capture in Xamarin Apps:

Blocking of Screenshot capturing can only be implemented in Android Apps. iOS does not allow blocking of screen shot capturing. This is a technology limitation for now. But you can easily block screen capture in Android Apps as given below.

In the OnCreate method of MainActivity of your app set the following flag as
Window.SetFlags(WindowManagerFlags.Secure, WindowManagerFlags.Secure);
Once the above flag is set then it will block the screen capture in android app. You also can clear the flag after setting it up if necessary by the following line f code.
Window.ClearFlags(WindowManagerFlags.Secure);

Hiding the Content of the App when application goes from foreground to background:

iOS:

In case of iOS you can overlay a security screen in the form of a image when application goes from foreground to background. Now the user will not be able to see any content of the app in background. Only an overlay image will be visible say for example it could be app Splash screen. In iOS it can be achieved in the following way:

Call the override method OnResignActivation in AppDelegate class as follows
public override void OnResignActivation(UIApplication uiApplication)
{
var frame = uiApplication.KeyWindow.Frame; var view = new UIView(frame) {
Tag = new nint(101) }; UIImageView imgview = new UIImageView(view.Frame); imgview.Image = UIImage.FromBundle("OverLaySecurityImage.png"); //It is the overlay image which you want to display
view.AddSubview(imgview); uiApplication.KeyWindow.AddSubview(view); uiApplication.KeyWindow.BringSubviewToFront(view); } }
The above method will be called when the app goes from foreground to background and it will overlay the security image over the content of the app. When app activates or when app comes to foreground from background then call OnActivated as listed below for removing the overlay screen.

public override void OnActivated(UIApplication uiApplication)
{
Instance = this; var view = uiApplication.KeyWindow.ViewWithTag(new nint(101)); view?.RemoveFromSuperview(); base.OnActivated(uiApplication); }

Android:

In case of android you can not put a security image over the content when the app goes from foreground to background. The only thing you can do is that you can display a white screen. And this can be done by setting the same flag what is used to block capturing of screen shot.

Window.SetFlags(WindowManagerFlags.Secure, WindowManagerFlags.Secure);

Limitations:
1. In case of Android, there is only one flag provided by Android OS to achieve Block Screen Shot capturing and Hiding screen’s content when app appears in background. This means enabling flag to block screen shot capturing will also hide screen’s content when app is in background.
2. iOS does not allow blocking of screen shot capturing with in app.

About Author:

Qss author image About Author: Vinod Gangwar is a Xamarin Developer currently working with QSS Technosoft having 2 years of niche experience in using Xamarin Native and Xamarin forms (PCL, Shared). He is a continuous learner of Xamarin related techniques.

About QSS:

QSS has a proven track executing Xamarin based cross platform mobile applications for its esteemed customers. The company has a core competency in developing and delivering Enterprise level Xamarin applications both in on Native and Hybrid platforms. The Xamarin competency has experienced and dedicated team of Xamarin developers. To Know More...