Hi MetaMask Team,
I am writing to propose a vital security enhancement for the MetaMask mobile app. As a leading Web3 wallet, MetaMask should adhere to the highest security standards, similar to global banking applications.
The Problem: Currently, users can take screenshots or record their screens while sensitive information (like Secret Recovery Phrases and Private Keys) is visible. Additionally, the ability to copy the Seed Phrase to the clipboard exposes users to “clipboard hijacking” by malicious apps.
Proposed Features:
1. Block Screenshots and Screen Recording: MetaMask should prevent any form of screen capture. This would stop malware from silently recording the screen and prevent users from accidentally syncing sensitive screenshots to unencrypted clouds (iCloud/Google Photos).
- For Android: This can be implemented easily by adding FLAG_SECURE to the window. Code Example:
```java
// Marks the window as secure: the system refuses screenshots, screen recording
// and display on non-secure outputs for this Activity.
getWindow().setFlags(WindowManager.LayoutParams.FLAG_SECURE, WindowManager.LayoutParams.FLAG_SECURE);
```
- For iOS: While Apple is more restrictive, the app should use the isCaptured property to blur the screen or show a warning when recording is detected.
2. Block Copying Seed Phrase to Clipboard: The app should disable the “Copy to Clipboard” function for the Secret Recovery Phrase.
- Reason: Many malicious apps monitor the system clipboard. Forcing users to write down the phrase manually is a necessary “friction” that ensures the phrase stays offline.
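To make the iOS part of feature 1 concrete, here is an added example (not MetaMask code, and not from the original post) of the isCaptured approach. It assumes a hypothetical ScreenCaptureGuard class that the app creates for its key window; it observes UIScreen.capturedDidChangeNotification to cover a blur overlay while recording or mirroring is active, and UIApplication.userDidTakeScreenshotNotification to warn after a still screenshot, which iOS does not let an app block.

```swift
import UIKit

/// Hypothetical guard: hides sensitive content while the screen is being captured.
final class ScreenCaptureGuard {
    private let overlay = UIVisualEffectView(effect: UIBlurEffect(style: .systemThickMaterial))
    private let label = UILabel()
    private weak var window: UIWindow?
    /// Called when the user took a screenshot so the UI can show a warning.
    var onScreenshot: (() -> Void)?

    init(window: UIWindow) {
        self.window = window
        overlay.frame = window.bounds
        overlay.autoresizingMask = [.flexibleWidth, .flexibleHeight]
        label.text = "Screen recording detected. Sensitive content is hidden."
        label.textAlignment = .center
        label.numberOfLines = 0
        label.frame = overlay.bounds
        label.autoresizingMask = [.flexibleWidth, .flexibleHeight]
        overlay.contentView.addSubview(label)

        // isCaptured covers screen recording, AirPlay mirroring and QuickTime capture.
        NotificationCenter.default.addObserver(self, selector: #selector(captureStateChanged),
                                               name: UIScreen.capturedDidChangeNotification, object: nil)
        // Still screenshots cannot be prevented on iOS; the app is only notified afterwards.
        NotificationCenter.default.addObserver(self, selector: #selector(screenshotTaken),
                                               name: UIApplication.userDidTakeScreenshotNotification, object: nil)
        // Apply the current state in case a recording was already running at launch.
        captureStateChanged()
    }

    @objc private func captureStateChanged() {
        guard let window = window else { return }
        if UIScreen.main.isCaptured {
            overlay.frame = window.bounds
            window.addSubview(overlay)          // cover everything, including the seed phrase view
        } else {
            overlay.removeFromSuperview()
        }
    }

    @objc private func screenshotTaken() {
        // The screenshot may already be syncing to iCloud Photos; warn the user to delete it.
        onScreenshot?()
    }

    deinit { NotificationCenter.default.removeObserver(self) }
}
```

Creating the guard once from the scene delegate and keeping a strong reference to it is enough; the overlay is added and removed automatically as recording starts and stops.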
Why this is mandatory:
- Industry Standard: Almost all major fintech apps (Revolut, PayPal, banking apps) use these protections by default.
- Protection against Malware: It closes the gap for “Spyware” that captures visual and text data in the background.
- Security by Default: We must protect users from their own mistakes (like saving a seed phrase in the photo gallery).
In the world of crypto, security should always be prioritized over convenience. Implementing these “Secure Window” flags is a simple but powerful way to protect millions of users.
Thank you for your dedication to user security!