GROW
CODA App

config

Obfuscate Mobile UI

This issue is found automatically by CODA.
Time to fix: 30min

Why is this an issue?

The glide.ui.m.blur_ui_when_backgrounded property is used to obfuscate all fields from the snapshot as the image is saved during the backgrounding process.

A compromised device would allow an attacker to have full access to the file system, such as images and prints, which could cause an information leak.

Both iOS and Android operating systems takes a screenshot for usage in the recent task menu when the application is sent to background. Even if this operation is to promote a better user experience, it causes a security breach for the instance.

Best practices

By ServiceNow recommendation, this property must have TRUE as value, to obfuscate all fields from the snapshot as the image is saved during the backgrounding process.

For this configuration to be applied, the user needs to log into the instance with the property enabled (with TRUE value).

This is an example of how it would look on iOS. And it turns blacked out for for Android devices.

Obfuscate Mobile UI
Example of what the screen would look like with obfustation.