From f862a4be97369a59725074f0f29c42ff0f1f2706 Mon Sep 17 00:00:00 2001 From: Milan Date: Fri, 19 Jul 2024 15:34:42 +0200 Subject: [PATCH] [#477] Hiding sensitive clipboard information * [#477] Hiding sensitive clipboard information Closes #477 * [#477] Hiding sensitive clipboard information from api <33 Closes #477 * [#477] Code cleanup Closes #477 * Changelog update --------- Co-authored-by: Honza --- CHANGELOG.md | 3 ++ docs/whatsNew/WHATS_NEW_EN.md | 2 ++ .../zcash/spackle/ClipboardManagerExt.kt | 13 -------- .../zcash/spackle/ClipboardManagerUtil.kt | 33 ++++++++++++------- .../electriccoin/zcash/spackle/ContextExt.kt | 2 ++ .../src/main/res/values/strings.xml | 4 +++ 6 files changed, 33 insertions(+), 24 deletions(-) delete mode 100644 spackle-android-lib/src/main/kotlin/co/electriccoin/zcash/spackle/ClipboardManagerExt.kt create mode 100644 spackle-android-lib/src/main/res/values/strings.xml diff --git a/CHANGELOG.md b/CHANGELOG.md index 2eb6a001..01cd6dd1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,9 @@ and this application adheres to [Semantic Versioning](https://semver.org/spec/v2 - A new What's New screen has been added, accessible from the About screen. It contains the release notes parsed from the new [docs/whatsNew/WHATS_NEW_EN.md] file - These release notes and release priority are both propagated to every new Google Play release using CI logic +- Copying sensitive information like addresses, transaction IDs, or wallet secrets into the device clipboard is now + masked out from the system visual confirmation, but it's still copied as expected. `ClipDescription.EXTRA_IS_SENSITIVE` +flag is used on Android SDK level 33 and higher, masking out the `Toast` text on levels below it. ### Changed - The About screen has been redesigned to align with the new design guidelines diff --git a/docs/whatsNew/WHATS_NEW_EN.md b/docs/whatsNew/WHATS_NEW_EN.md index 69bda7ea..55a804f7 100644 --- a/docs/whatsNew/WHATS_NEW_EN.md +++ b/docs/whatsNew/WHATS_NEW_EN.md @@ -11,6 +11,8 @@ directly impact users rather than highlighting other key architectural updates.* ### Added - A new What's New screen has been added, accessible from the About screen +- Copying sensitive information like addresses, transaction IDs, or wallet secrets into the device clipboard is now + masked out from the system visual confirmation, but it's still copied as expected. ### Changed - The About screen has been redesigned to align with the new design guidelines diff --git a/spackle-android-lib/src/main/kotlin/co/electriccoin/zcash/spackle/ClipboardManagerExt.kt b/spackle-android-lib/src/main/kotlin/co/electriccoin/zcash/spackle/ClipboardManagerExt.kt deleted file mode 100644 index fdc1fce2..00000000 --- a/spackle-android-lib/src/main/kotlin/co/electriccoin/zcash/spackle/ClipboardManagerExt.kt +++ /dev/null @@ -1,13 +0,0 @@ -@file:Suppress("ktlint:standard:filename") - -package co.electriccoin.zcash.spackle - -import android.content.ClipData -import android.content.ClipboardManager -import kotlinx.coroutines.Dispatchers -import kotlinx.coroutines.withContext - -suspend fun ClipboardManager.setPrimaryClipSuspend(data: ClipData) = - withContext(Dispatchers.IO) { - setPrimaryClip(data) - } diff --git a/spackle-android-lib/src/main/kotlin/co/electriccoin/zcash/spackle/ClipboardManagerUtil.kt b/spackle-android-lib/src/main/kotlin/co/electriccoin/zcash/spackle/ClipboardManagerUtil.kt index ba7ffe56..767cad5b 100644 --- a/spackle-android-lib/src/main/kotlin/co/electriccoin/zcash/spackle/ClipboardManagerUtil.kt +++ b/spackle-android-lib/src/main/kotlin/co/electriccoin/zcash/spackle/ClipboardManagerUtil.kt @@ -1,35 +1,46 @@ package co.electriccoin.zcash.spackle import android.content.ClipData +import android.content.ClipDescription import android.content.ClipboardManager import android.content.Context +import android.os.PersistableBundle import android.widget.Toast +import kotlinx.coroutines.Dispatchers import kotlinx.coroutines.runBlocking object ClipboardManagerUtil { + private val extraIsSensitive: String + get() = + if (AndroidApiVersion.isAtLeastT) { + ClipDescription.EXTRA_IS_SENSITIVE + } else { + "android.content.extra.IS_SENSITIVE" + } + fun copyToClipboard( context: Context, label: String, value: String ) { Twig.info { "Copied to clipboard: label: $label, value: $value" } - val clipboardManager = context.getSystemService(ClipboardManager::class.java) + val clipboardManager = context.getSystemService() val data = - ClipData.newPlainText( - label, - value - ) + ClipData.newPlainText(label, value).apply { + description.extras = + PersistableBundle().apply { + putBoolean(extraIsSensitive, true) + } + } if (AndroidApiVersion.isAtLeastT) { // API 33 and later implement their system Toast UI. clipboardManager.setPrimaryClip(data) } else { // Blocking call is fine here, as we just moved to the IO thread to satisfy theStrictMode on an older API - runBlocking { clipboardManager.setPrimaryClipSuspend(data) } - Toast.makeText( - context, - value, - Toast.LENGTH_SHORT - ).show() + runBlocking(Dispatchers.IO) { + clipboardManager.setPrimaryClip(data) + } + Toast.makeText(context, context.getString(R.string.hide_clipboard_placeholder), Toast.LENGTH_SHORT).show() } } } diff --git a/spackle-android-lib/src/main/kotlin/co/electriccoin/zcash/spackle/ContextExt.kt b/spackle-android-lib/src/main/kotlin/co/electriccoin/zcash/spackle/ContextExt.kt index 7878d8cd..3761ebd7 100644 --- a/spackle-android-lib/src/main/kotlin/co/electriccoin/zcash/spackle/ContextExt.kt +++ b/spackle-android-lib/src/main/kotlin/co/electriccoin/zcash/spackle/ContextExt.kt @@ -20,3 +20,5 @@ suspend fun Context.getInternalCacheDirSuspend(subDirectory: String?): File = withContext(Dispatchers.IO) { (subDirectory?.let { File(cacheDir, subDirectory) } ?: cacheDir).apply { mkdirsSuspend() } } + +inline fun Context.getSystemService(): T = getSystemService(T::class.java) diff --git a/spackle-android-lib/src/main/res/values/strings.xml b/spackle-android-lib/src/main/res/values/strings.xml new file mode 100644 index 00000000..7fbc7016 --- /dev/null +++ b/spackle-android-lib/src/main/res/values/strings.xml @@ -0,0 +1,4 @@ + + + ****** +