[w3c/manifest] Prevent Screenshots in PWAs (Issue #1154)

## Abstract  
This proposal explores adding a feature to the Web Manifest that would allow developers to prevent screenshots of specific PWA screens. The functionality aligns with native app behaviors like Google Pay disabling screenshots on payment pages or WhatsApp restricting profile page captures. While the implementation for the web has complexities (e.g., bypassing DRM on Mac by disabling CSS hardware acceleration), PWAs can leverage secure APIs to emulate native app security.  
  
<img src="https://github.com/user-attachments/assets/1400af4a-0a6e-4ae3-9736-21424f333b73" alt="Google Pay HomePage" width="250px" />  
<img src="https://github.com/user-attachments/assets/bb5a6d6d-a1fa-4034-8a9a-eb609f877999" alt="Google Pay Screenshot not allowed" width="250px" />  
<img src="https://github.com/user-attachments/assets/f7dc90cd-0108-464c-b1f7-7fba8d7f323b" alt="Netflix" width="500px" />

## Background and Motivation  
Native apps commonly use features like Android's `FLAG_SECURE` or DRM to protect sensitive information from being screenshotted. Implementing similar behavior for PWAs would provide a more secure and privacy-conscious user experience, especially for financial transactions, private messages, or sensitive media.  

## Proposed Solution  
- Add a new attribute in the Web Manifest, e.g., `"screenshot-protection": ["page1", "page2"]`.  
  - Developers can specify an array of page routes or URLs within the PWA where screenshots should be disabled.  
  - The browser, upon detecting these routes, disables screenshots or screen recording for the specified pages.  
- Leverage platform-specific APIs (e.g., Android's Screen Capture API and `FLAG_SECURE`) to implement this functionality.  

## Challenges and Scope  
1. **Cross-platform Differences:**  
   While mobile platforms like Android support APIs for screenshot prevention, desktop platforms (e.g., macOS) present challenges due to the potential for bypassing using developer tools or hardware configurations.  

2. **Web DRM Complexity:**  
   Implementing DRM for web-based applications has historically been difficult and may require additional considerations for PWAs.  

3. **Developer and User Expectations:**  
   Balancing security with usability is critical to avoid over-restrictive or intrusive behavior.  

## Future Considerations  
- Explore how this feature can integrate with existing DRM technologies to safeguard media.  
- Evaluate browser-level implementation feasibility across platforms.  
- Investigate potential mechanisms for developers to dynamically enable or disable screenshot protection based on runtime conditions.  

## References  
- [Android's Screen Capture API](https://developer.android.com/about/versions/14/features/screenshot-detection)  
- DRM-based applications like Netflix, which restrict screenshots through hardware and software combinations.  


https://github.com/w3c/manifest/issues/1154

Message ID: <w3c/manifest/issues/1154@github.com>

Received on Monday, 23 December 2024 03:06:37 UTC
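
The route matching that the Proposed Solution leaves to the browser, sketched as an added example; it is not code from the issue, the manifest specification, or any browser. The `screenshot-protection` member exists only as proposed above, and the sample manifest, the host names, the helper names (`within`, `protectedRoutes`, `isProtected`), the prefix-match semantics, and the rule that out-of-scope entries are ignored are all assumptions.

```javascript
// Constructed sample manifest. "screenshot-protection" is the member proposed
// in the issue; it is not part of the Web App Manifest specification.
const MANIFEST_URL = "https://pay.example/app/manifest.webmanifest";
const manifest = {
  start_url: "/app/",
  scope: "/app/",
  "screenshot-protection": ["checkout", "/app/profile/", "https://other.example/x", "../admin"],
};

// Same-origin path-prefix test, modelled on the manifest spec's "within scope" check.
function within(target, base) {
  return target.origin === base.origin && target.pathname.startsWith(base.pathname);
}

// Resolve each entry against the manifest URL and drop anything outside scope
// (assumed rule: a manifest must not affect pages it does not control).
function protectedRoutes(manifest, manifestUrl) {
  const scope = new URL(manifest.scope, manifestUrl);
  const entries = manifest["screenshot-protection"];
  if (!Array.isArray(entries)) return [];
  const routes = [];
  for (const entry of entries) {
    if (typeof entry !== "string") continue;
    let url;
    try { url = new URL(entry, manifestUrl); } catch { continue; }
    if (within(url, scope)) routes.push(url);
  }
  return routes;
}

// Decide per navigation. The URL parser normalises ".." segments first, so the
// comparison runs on the path the page actually resolves to.
function isProtected(documentUrl, routes) {
  const doc = new URL(documentUrl);
  return routes.some((route) => within(doc, route));
}
```

With plain prefix matching, `/app/checkout` also covers `/app/checkout-help`; a specification would have to state whether entries match exactly, by prefix, or by path segment.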