Skip to content

iOS privacy shield is applied too late to protect app-switcher snapshots #921

Description

@piyalbasu

Summary

The new iOS privacy shield added for background protection is shown in applicationDidEnterBackground, which is too late to reliably protect the app-switcher snapshot.

On iOS, the snapshot used in the app switcher is taken after applicationWillResignActive and before applicationDidEnterBackground. That means wallet contents can still appear in the recents thumbnail even though the PR intends to prevent that.

Current behavior

In ios/freighter-mobile/AppDelegate.swift, the shield is raised in:

func applicationDidEnterBackground(_ application: UIApplication)

The surrounding comment says the snapshot is still taken after didEnterBackground, but iOS lifecycle timing works the other way around.

Security impact

Sensitive wallet data may still be visible in the iOS app switcher / recents view after backgrounding.

Expected behavior

The privacy shield should be applied before the app-switcher snapshot is captured, while still preserving the existing resume behavior that keeps the shield up until JS settles the auto-lock decision.

Suggested direction

  • Raise the shield no later than applicationWillResignActive
  • Preserve the existing guarded-hide behavior on foreground
  • Add lifecycle handling so Face ID / transient inactive states do not leave the shield stuck or create bad flicker

Notes

This appears to be a pre-existing exposure on iOS, but the new shield implementation does not fully fix it.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions