From f8a59ecbcf272aaae7b7e2e0d38cca9c49850731 Mon Sep 17 00:00:00 2001 From: emanuele-f Date: Mon, 11 Jul 2022 11:54:12 +0200 Subject: [PATCH] Ask for confirmation before showing the payload Payload information can contain sensitive data. A scam alert is now shown before the first time the payload tab is open. This should prevent scam attempts. --- .../fragments/ConnectionPayload.java | 43 +++++++++++++++++-- .../emanuelef/remote_capture/model/Prefs.java | 1 + app/src/main/res/values/strings.xml | 4 ++ 3 files changed, 45 insertions(+), 3 deletions(-) diff --git a/app/src/main/java/com/emanuelef/remote_capture/fragments/ConnectionPayload.java b/app/src/main/java/com/emanuelef/remote_capture/fragments/ConnectionPayload.java index 51bccce9..cebf7a10 100644 --- a/app/src/main/java/com/emanuelef/remote_capture/fragments/ConnectionPayload.java +++ b/app/src/main/java/com/emanuelef/remote_capture/fragments/ConnectionPayload.java @@ -20,7 +20,9 @@ package com.emanuelef.remote_capture.fragments; import android.content.Context; +import android.content.SharedPreferences; import android.os.Bundle; +import android.util.Log; import android.view.LayoutInflater; import android.view.Menu; import android.view.MenuInflater; @@ -31,7 +33,9 @@ import android.widget.TextView; import androidx.annotation.NonNull; import androidx.annotation.Nullable; +import androidx.appcompat.app.AlertDialog; import androidx.fragment.app.Fragment; +import androidx.preference.PreferenceManager; import com.emanuelef.remote_capture.CaptureService; import com.emanuelef.remote_capture.ConnectionsRegister; @@ -41,6 +45,7 @@ import com.emanuelef.remote_capture.activities.ConnectionDetailsActivity; import com.emanuelef.remote_capture.adapters.PayloadAdapter; import com.emanuelef.remote_capture.model.ConnectionDescriptor; import com.emanuelef.remote_capture.model.PayloadChunk; +import com.emanuelef.remote_capture.model.Prefs; import com.emanuelef.remote_capture.views.EmptyRecyclerView; public class ConnectionPayload extends Fragment implements ConnectionDetailsActivity.ConnUpdateListener { @@ -49,6 +54,7 @@ public class ConnectionPayload extends Fragment implements ConnectionDetailsActi private ConnectionDescriptor mConn; private PayloadAdapter mAdapter; private TextView mTruncatedWarning; + private EmptyRecyclerView mRecyclerView; private int mCurChunks; private Menu mMenu; private boolean mJustCreated; @@ -99,9 +105,9 @@ public class ConnectionPayload extends Fragment implements ConnectionDetailsActi return; } - EmptyRecyclerView recyclerView = view.findViewById(R.id.payload); + mRecyclerView = view.findViewById(R.id.payload); EmptyRecyclerView.MyLinearLayoutManager layoutMan = new EmptyRecyclerView.MyLinearLayoutManager(requireContext()); - recyclerView.setLayoutManager(layoutMan); + mRecyclerView.setLayoutManager(layoutMan); mTruncatedWarning = view.findViewById(R.id.truncated_warning); mTruncatedWarning.setText(String.format(getString(R.string.payload_truncated), getString(R.string.full_payload))); @@ -110,8 +116,39 @@ public class ConnectionPayload extends Fragment implements ConnectionDetailsActi mAdapter = new PayloadAdapter(requireContext(), mConn, mode); mCurChunks = mConn.getNumPayloadChunks(); - recyclerView.setAdapter(mAdapter); mJustCreated = true; + + // only set adapter after acknowledged (see setMenuVisibility below) + if(payloadNoticeAcknowledged(PreferenceManager.getDefaultSharedPreferences(requireContext()))) + mRecyclerView.setAdapter(mAdapter); + } + + @Override + public void setMenuVisibility(boolean menuVisible) { + super.setMenuVisibility(menuVisible); + Log.d(TAG, "setMenuVisibility : " + menuVisible); + Context context = requireContext(); + SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(context); + + if(menuVisible && !payloadNoticeAcknowledged(prefs)) { + AlertDialog dialog = new AlertDialog.Builder(context) + .setTitle(R.string.scam_alert) + .setMessage(R.string.payload_scams_notice) + .setOnCancelListener((d) -> requireActivity().finish()) + .setNegativeButton(R.string.cancel_action, (d, b) -> requireActivity().finish()) + .setPositiveButton(R.string.show_data_action, (d, whichButton) -> { + // show the data + mRecyclerView.setAdapter(mAdapter); + + prefs.edit().putBoolean(Prefs.PREF_PAYLOAD_NOTICE_ACK, true).apply(); + }).show(); + + dialog.setCanceledOnTouchOutside(false); + } + } + + private boolean payloadNoticeAcknowledged(SharedPreferences prefs) { + return prefs.getBoolean(Prefs.PREF_PAYLOAD_NOTICE_ACK, false); } @Override diff --git a/app/src/main/java/com/emanuelef/remote_capture/model/Prefs.java b/app/src/main/java/com/emanuelef/remote_capture/model/Prefs.java index 7e94de89..3b4a10b2 100644 --- a/app/src/main/java/com/emanuelef/remote_capture/model/Prefs.java +++ b/app/src/main/java/com/emanuelef/remote_capture/model/Prefs.java @@ -76,6 +76,7 @@ public class Prefs { public static final String PREF_LOCKDOWN_VPN_NOTICE_SHOWN = "vpn_lockdown_notice"; public static final String PREF_VPN_EXCEPTIONS = "vpn_exceptions"; public static final String PREF_BLOCK_NEW_APPS = "block_new_apps"; + public static final String PREF_PAYLOAD_NOTICE_ACK = "payload_notice"; public enum DumpMode { NONE, diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml index dd4ce31c..50e91526 100644 --- a/app/src/main/res/values/strings.xml +++ b/app/src/main/res/values/strings.xml @@ -382,4 +382,8 @@ Block newly installed apps App blocked The %1$s app has been blocked by the firewall + Scam alert + This view may contain sensitive information, like your passwords and access tokens.\n\nNever give out this information to anyone, it may be a scam attempt + Cancel + Show data