Session Management / Auto-Generated Screenhots

Description

Manufacturers want to provide device users with an aesthetically pleasing effect when an application is started or exited, so they introduced the concept of saving a screenshot when the application goes into the background.

Risk

This feature can pose a security risk because screenshots (which may display sensitive information such as an email or corporate documents) are written to local storage, where they can be recovered by a rogue application with a sandbox bypass exploit or someone who steals the device.

Solution

When backgrounding the app, the background image should be overlaid with a pre-defined image. This prevents the application from leaking sensitive information, as it will always override the current view.