[Android] Implement setting sensitive content, take 2 #167815
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
engine-flutter-autoroll
added a commit
to engine-flutter-autoroll/packages
that referenced
this pull request
May 3, 2025
engine-flutter-autoroll
added a commit
to engine-flutter-autoroll/packages
that referenced
this pull request
May 3, 2025
engine-flutter-autoroll
added a commit
to engine-flutter-autoroll/packages
that referenced
this pull request
May 4, 2025
engine-flutter-autoroll
added a commit
to engine-flutter-autoroll/packages
that referenced
this pull request
May 5, 2025
engine-flutter-autoroll
added a commit
to engine-flutter-autoroll/packages
that referenced
this pull request
May 5, 2025
engine-flutter-autoroll
added a commit
to engine-flutter-autoroll/packages
that referenced
this pull request
May 5, 2025
engine-flutter-autoroll
added a commit
to engine-flutter-autoroll/packages
that referenced
this pull request
May 5, 2025
engine-flutter-autoroll
added a commit
to engine-flutter-autoroll/packages
that referenced
this pull request
May 5, 2025
engine-flutter-autoroll
added a commit
to engine-flutter-autoroll/packages
that referenced
this pull request
May 5, 2025
engine-flutter-autoroll
added a commit
to engine-flutter-autoroll/packages
that referenced
this pull request
May 5, 2025
engine-flutter-autoroll
added a commit
to engine-flutter-autoroll/packages
that referenced
this pull request
May 5, 2025
engine-flutter-autoroll
added a commit
to engine-flutter-autoroll/packages
that referenced
this pull request
May 6, 2025
engine-flutter-autoroll
added a commit
to engine-flutter-autoroll/packages
that referenced
this pull request
May 6, 2025
engine-flutter-autoroll
added a commit
to engine-flutter-autoroll/packages
that referenced
this pull request
May 6, 2025
engine-flutter-autoroll
added a commit
to engine-flutter-autoroll/packages
that referenced
this pull request
May 6, 2025
engine-flutter-autoroll
added a commit
to engine-flutter-autoroll/packages
that referenced
this pull request
May 7, 2025
engine-flutter-autoroll
added a commit
to engine-flutter-autoroll/packages
that referenced
this pull request
May 7, 2025
engine-flutter-autoroll
added a commit
to engine-flutter-autoroll/packages
that referenced
this pull request
May 7, 2025
engine-flutter-autoroll
added a commit
to engine-flutter-autoroll/packages
that referenced
this pull request
May 7, 2025
engine-flutter-autoroll
added a commit
to engine-flutter-autoroll/packages
that referenced
this pull request
May 7, 2025
engine-flutter-autoroll
added a commit
to engine-flutter-autoroll/packages
that referenced
this pull request
May 7, 2025
engine-flutter-autoroll
added a commit
to engine-flutter-autoroll/packages
that referenced
this pull request
May 7, 2025
This was referenced May 19, 2025
engine-flutter-autoroll
added a commit
to engine-flutter-autoroll/packages
that referenced
this pull request
Aug 14, 2025
engine-flutter-autoroll
added a commit
to engine-flutter-autoroll/packages
that referenced
this pull request
Aug 14, 2025
romanejaquez
pushed a commit
to romanejaquez/flutter
that referenced
this pull request
Aug 14, 2025
> [!NOTE] > This PR lands flutter#158473 (closed due to confusing git-isms). Please see that PR for all comments and discussion on landing this feature. ### Overview Implements setting content sensitivity on Android via a new widget called `SensitiveContent` that currently will only function on Android. ### How it's implemented There are three different content sensitivity levels: [`autoSensitive`](https://developer.android.com/reference/android/view/View#CONTENT_SENSITIVITY_AUTO), [`sensitive`](https://developer.android.com/reference/android/view/View#CONTENT_SENSITIVITY_SENSITIVE), [`notSensitive`](https://developer.android.com/reference/android/view/View#CONTENT_SENSITIVITY_NOT_SENSITIVE). All except `autoSensitive` behave as their Android counterpart level behaves (see links on the levels); for Flutter, `autoSensitive` will behave the same as `notSensitive` though it is implemented as if it works (see flutter#160879 for more details. In any given Flutter view, each `SensitiveContent` widget sets a content sensitivity level and there may be multiple `SensitiveContent` widgets in the widget tree at a time, but only the most severe content sensitivity level in the tree will be maintained in order to ensure secure content remains obscured during screen projection. This means that even widgets that are not visible may still impact the overall content sensitivity of the entire Flutter view (see flutter#160051 for more details). Under the hood, the implementation uses method channels. Theoretically, this could cause a delay in setting the content sensitivity level and a Flutter view being obscured during screen projection on time, so we will investigate using JNIgen in the future (see flutter#160050 for more details). Over the method channel, the framework will send a Flutter view ID and content sensitivity level to the engine to set the expected content sensitivity level for the view. ### Timeline #### Required for feature shipping - Land this PR with the method channel implementation of content sensitivity. #### Short-term follow up tasks - Ensure every `FlutterView` has a unique ID for the native `SensitiveContentPlugin` to identify them by: flutter#162685 - Add `SensitiveContent` widget to relevant Flutter widgets: flutter#167302 #### Long-term follow up tasks - Convert this PR to use JNIgen: flutter#160050. Verify no frames are dropped, revealing sensitive content during media projection: flutter#164820. #### Stretch goals - Make the `SensitiveContent` widget sensitive to the visibility of child widgets: flutter#160051 - Implement `autoSensitivity` mode: flutter#160879 - Investigate backwards compatibility for APIs < 35: flutter#159208 ### Open questions - ~Is it okay to hard-code the `FlutterActivity` and `FlutterFragment` view IDs? Does this impact add-to-app in any way? I assume we would need extenders of those classes to use a different view ID than the hardcoded one.~ Approach not used. - ~Should we expose `autoSensitive` for now? If so, what behavior should it have?~ Exposing `autoSensitive` as if it works. ### One way to test this PR (rough steps) 1. Create a Flutter app that has some number of `SensitiveContent` widgets. 9. Run the app on an emulator/device that runs API 35 and has the Google meets app downloaded. 10. Start a Google meets meeting and screen share (works with full screen and single app mode). 11. Join the Google meets meeting from another device and witness a blacked out screen if content has been marked sensitive. ## Pre-launch Checklist - [x] I read the [Contributor Guide] and followed the process outlined there for submitting PRs. - [x] I read the [Tree Hygiene] wiki page, which explains my responsibilities. - [x] I read and followed the [Flutter Style Guide], including [Features we expect every widget to implement]. - [x] I signed the [CLA]. - [x] I listed at least one issue that this PR fixes in the description above. - [x] I updated/added relevant documentation (doc comments with `///`). - [x] I added new tests to check the change I am making, or this PR is [test-exempt]. - [x] I followed the [breaking change policy] and added [Data Driven Fixes] where supported. - [x] All existing and new tests are passing. If you need help, consider asking for advice on the #hackers-new channel on [Discord]. <!-- Links --> [Contributor Guide]: https://github.com/flutter/flutter/blob/main/docs/contributing/Tree-hygiene.md#overview [Tree Hygiene]: https://github.com/flutter/flutter/blob/main/docs/contributing/Tree-hygiene.md [test-exempt]: https://github.com/flutter/flutter/blob/main/docs/contributing/Tree-hygiene.md#tests [Flutter Style Guide]: https://github.com/flutter/flutter/blob/main/docs/contributing/Style-guide-for-Flutter-repo.md [Features we expect every widget to implement]: https://github.com/flutter/flutter/blob/main/docs/contributing/Style-guide-for-Flutter-repo.md#features-we-expect-every-widget-to-implement [CLA]: https://cla.developers.google.com/ [flutter/tests]: https://github.com/flutter/tests [breaking change policy]: https://github.com/flutter/flutter/blob/main/docs/contributing/Tree-hygiene.md#handling-breaking-changes [Discord]: https://github.com/flutter/flutter/blob/main/docs/contributing/Chat.md [Data Driven Fixes]: https://github.com/flutter/flutter/blob/main/docs/contributing/Data-driven-Fixes.md
engine-flutter-autoroll
added a commit
to engine-flutter-autoroll/packages
that referenced
this pull request
Aug 15, 2025
engine-flutter-autoroll
added a commit
to engine-flutter-autoroll/packages
that referenced
this pull request
Aug 15, 2025
engine-flutter-autoroll
added a commit
to engine-flutter-autoroll/packages
that referenced
this pull request
Aug 16, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Note
This PR lands #158473 (closed due to confusing git-isms). Please see that PR for all comments and discussion on landing this feature.
Overview
Implements setting content sensitivity on Android via a new widget called
SensitiveContentthat currently will only function on Android.How it's implemented
There are three different content sensitivity levels:
autoSensitive,sensitive,notSensitive. All exceptautoSensitivebehave as their Android counterpart level behaves (see links on the levels); for Flutter,autoSensitivewill behave the same asnotSensitivethough it is implemented as if it works (see #160879 for more details.In any given Flutter view, each
SensitiveContentwidget sets a content sensitivity level and there may be multipleSensitiveContentwidgets in the widget tree at a time, but only the most severe content sensitivity level in the tree will be maintained in order to ensure secure content remains obscured during screen projection. This means that even widgets that are not visible may still impact the overall content sensitivity of the entire Flutter view (see #160051 for more details).Under the hood, the implementation uses method channels. Theoretically, this could cause a delay in setting the content sensitivity level and a Flutter view being obscured during screen projection on time, so we will investigate using JNIgen in the future (see #160050 for more details). Over the method channel, the framework will send a Flutter view ID and content sensitivity level to the engine to set the expected content sensitivity level for the view.
Timeline
Required for feature shipping
Short-term follow up tasks
FlutterViewhas a unique ID for the nativeSensitiveContentPluginto identify them by: [Android] MakeFlutterViewIDs instance variables instead of a static one #162685SensitiveContentwidget to relevant Flutter widgets: [Android] AddSensitiveContentwidget to Flutter widgets that have potential security vulnerabilities during screen share #167302Long-term follow up tasks
SensitiveContentwidget potential frame drops are not visible #164820.Stretch goals
SensitiveContentwidget sensitive to the visibility of child widgets: [Android] Un-mark sensitive content when it is not visible on screen #160051autoSensitivitymode: [Android] Investigate implementingautoSensitivesensitive content mode #160879Open questions
Is it okay to hard-code theApproach not used.FlutterActivityandFlutterFragmentview IDs? Does this impact add-to-app in any way? I assume we would need extenders of those classes to use a different view ID than the hardcoded one.Should we exposeExposingautoSensitivefor now? If so, what behavior should it have?autoSensitiveas if it works.One way to test this PR (rough steps)
SensitiveContentwidgets.Pre-launch Checklist
///).If you need help, consider asking for advice on the #hackers-new channel on Discord.