Android thirteen QPR2 now prevents you from screenshotting your Wi-Fi credentials

elevating FLAG_SECURE on but but one extra exercise

definitely one of many behind-the-scenes levers in Android that app publishers and even gadget producers on the system side of issues can pull to shield any contents from being purloined with a screengrab of any form is the safe flag (that is FLAG_SECURE for the devs inside the again). it is good for implementing copyright to the chagrin of DRM haters in each place — there are strategies of getting round it, however fewer than there have been years in the past and, as such, extra complicated — however it is additionally terrific for shielding the merchandise in your password supervisor. however do you truly want that form of safety if you are simply attempting to share your Wi-Fi credentials with agency at your private dwelling? Google seems to suppose so.


The famend explorer of Android Mishaal Rahman picked up on a Google challenge Tracker thread from yesterday the place a Pixel 7 proprietor on Android thirteen QPR2 Beta three was simply attempting to screenshot the QR code off of the Wi-Fi sharing website — which, by the biggest means, requires authentication for these who’ve set it as a lot as entry. however as a substitute of getting an right screenshot, all they obtained was a clear display.


We had been in a place to breed it on a Pixel 6a with the identical beta.

“Why do i want to ask Google’s permission to take a screenshot alone telephone,” lamented the complainant, “and why can Google deny it? Why does Google forestall me from using my very personal telephone the biggest means i want to? Is it important to make the most of a personalized ROM to take pleasure in my very personal models? i do not understand.”

A Google engineer promptly responded, saying that the function was working as supposed and will not be mounted. further person sanctimony commenced with a pair extra suggestions downstream.

Rahman notes that FLAG_SECURE was added to the Wi-Fi sharing exercise again with QPR2 Beta 1.

Wi-Fi credential sharing through QR codes is a pair of half-step safer than sharing a plaintext password, which you may be in a place to’t do in your Android gadget. that does not assist in sure situations the place you are attempting to log onto the community with a mannequin new gadget that does not assist studying QR codes — that are good issues, for these who’ve not heard — and also you presumably can’t bear in thoughts the exact password off-hand.

with out the safe flag, prospects might screenshot and be taught the QR code on their dwelling Android gadget to get the plaintext password (additionally listed beneath acknowledged QR code on Pixels, however not every Android gadget) that they might then enter to their vacation spot gadget. With the flag in place, properly, every little thing’s simply that rather extra sturdy if it is important to contain a third gadget which will be taught QR codes or if it is important to root your telephone to bypass the flag.

however God forbid we now should ask a barista or IT for the password as quickly as extra.


Post a Comment