Summary
The new iOS privacy shield added for background protection is shown in applicationDidEnterBackground, which is too late to reliably protect the app-switcher snapshot.
On iOS, the snapshot used in the app switcher is taken after applicationWillResignActive and before applicationDidEnterBackground. That means wallet contents can still appear in the recents thumbnail even though the PR intends to prevent that.
Current behavior
In ios/freighter-mobile/AppDelegate.swift, the shield is raised in:
func applicationDidEnterBackground(_ application: UIApplication)
The surrounding comment says the snapshot is still taken after didEnterBackground, but iOS lifecycle timing works the other way around.
Security impact
Sensitive wallet data may still be visible in the iOS app switcher / recents view after backgrounding.
Expected behavior
The privacy shield should be applied before the app-switcher snapshot is captured, while still preserving the existing resume behavior that keeps the shield up until JS settles the auto-lock decision.
Suggested direction
- Raise the shield no later than
applicationWillResignActive
- Preserve the existing guarded-hide behavior on foreground
- Add lifecycle handling so Face ID / transient inactive states do not leave the shield stuck or create bad flicker
Notes
This appears to be a pre-existing exposure on iOS, but the new shield implementation does not fully fix it.
Summary
The new iOS privacy shield added for background protection is shown in
applicationDidEnterBackground, which is too late to reliably protect the app-switcher snapshot.On iOS, the snapshot used in the app switcher is taken after
applicationWillResignActiveand beforeapplicationDidEnterBackground. That means wallet contents can still appear in the recents thumbnail even though the PR intends to prevent that.Current behavior
In
ios/freighter-mobile/AppDelegate.swift, the shield is raised in:The surrounding comment says the snapshot is still taken after
didEnterBackground, but iOS lifecycle timing works the other way around.Security impact
Sensitive wallet data may still be visible in the iOS app switcher / recents view after backgrounding.
Expected behavior
The privacy shield should be applied before the app-switcher snapshot is captured, while still preserving the existing resume behavior that keeps the shield up until JS settles the auto-lock decision.
Suggested direction
applicationWillResignActiveNotes
This appears to be a pre-existing exposure on iOS, but the new shield implementation does not fully fix it.