Manage sensitive data

As with any third-party service, it’s important for you to understand and have the ability to manage what data is sent to Shake servers. Shake SDK allows you to filter out sensitive data on the mobile device itself, so it never reaches the Shake servers.

Views

You can mark any view as private, and it'll automatically be deleted from the screenshot.

Let's suppose you're building a shopping cart app and you want to delete the name and the credit card number views from the screenshot:

AppDelegate.swift
import Shake
import Stripe
func maskSensitiveData() {
    // Views registered here are removed from Shake screenshots.
    Shake.addPrivateView(textUserName)
    Shake.addPrivateView(textCardNumber)
}

To remove a view from the private views, use the following method:

AppDelegate.swift
Shake.removePrivateView(view)

If you want to delete the whole screen from the screenshot, simply mark the whole view controller as private:

ViewController.swift
import UIKit
import Shake
import Stripe
class PaymentViewController: STPPaymentOptionsViewController {
    override func viewWillAppear(_ animated: Bool) {
        super.viewWillAppear(animated)
        Shake.addPrivateViewController(self)
    }
}

To remove a view controller from the list of private views, use the following method:

ViewController.swift
Shake.removePrivateViewController(self)

If you want to clear all the private views, use the following method:

AppDelegate.swift
Shake.clearPrivateViews()

Note that these methods won't delete sensitive views from screen recordings, only screenshots.

You can disable the Screen Recording feature if you want to make sure that sensitive data is not recorded.

AppDelegate.swift
Shake.configuration.isAutoVideoRecordingEnabled = false

Touch events

Marking a view as private will automatically delete its touch events' text properties too. Consequently, you'll see them as data_redacted strings in your Activity history.

Bear in mind that the view's ID, accessibility labels and tags remain visible.

note

Shake supports privacy redaction on all kinds of UIView and its subclasses. On the other hand, Shake does not support privacy redaction on UIBarItem(s) such as UIBarButtonItem, UIBarButtonItemGroup and UITabBarItem, since those are not UIView subclasses.

Network requests

Certain network requests may contain sensitive data which you may not want to send to Shake servers. Use the Shake.setNetworkRequestsFilter() method to obfuscate only the sensitive parts of those requests, or to entirely prevent certain network requests from being logged.

For example, if you'd like to obfuscate the Authorization header in all network requests sent from your app, do this:

AppDelegate.swift
import Shake
func setupNetworkFilter() {
    Shake.networkRequestsFilter = { (networkRequest) in
        if let requestHeaders = networkRequest.requestHeaders {
            if requestHeaders["Authorization"] != nil {
                requestHeaders["Authorization"] = "***"
            }
        }
        return networkRequest
    }
}

If you do not want to log specific network requests, return nil from the networkRequestsFilter closure, as shown below:

AppDelegate.swift
import Shake
func setupNetworkFilter() {
    Shake.networkRequestsFilter = { (networkRequest) in
        // Returning nil keeps this request out of the Shake report entirely.
        if networkRequest.url.contains("https://api.myapp.com/cards") {
            return nil
        }
        return networkRequest
    }
}

To clear the network requests filter, use Shake.networkRequestsFilter = nil
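A stricter way to decide which requests are dropped, as an added example that is not part of the Shake documentation: it matches on the parsed host and path prefix instead of a substring, and drops URLs it cannot parse. The endpoint list and the helper name isUnlogged are hypothetical, and networkRequest.url is assumed to be a String holding the request URL.

```swift
import Foundation
import Shake

// Hypothetical deny list: requests to these host + path prefixes are never logged.
let unloggedEndpoints: [(host: String, pathPrefix: String)] = [
    (host: "api.myapp.com", pathPrefix: "/cards"),
    (host: "api.myapp.com", pathPrefix: "/payments"),  // constructed sample entry
]

/// Returns true when `urlString` targets one of the deny-listed endpoints.
/// The host comparison is case-insensitive and ignores scheme, port and query,
/// so "HTTP://API.MyApp.com:443/cards/42?x=1" matches as well.
func isUnlogged(_ urlString: String) -> Bool {
    guard let components = URLComponents(string: urlString),
          let host = components.host?.lowercased() else {
        // Unparseable URL or no host: fail closed and keep it out of the report.
        return true
    }
    let path = components.path
    return unloggedEndpoints.contains { entry in
        guard host == entry.host else { return false }
        // Match "/cards" and "/cards/..." but not "/cardsharing".
        return path == entry.pathPrefix || path.hasPrefix(entry.pathPrefix + "/")
    }
}

func setupNetworkFilter() {
    Shake.networkRequestsFilter = { (networkRequest) in
        // Assumption: `url` is a String, as in the snippet above.
        if isUnlogged(networkRequest.url) {
            return nil  // drop the whole request from the Shake report
        }
        return networkRequest
    }
}
```

Because the filter is a single property, a later assignment replaces an earlier one, so any header masking has to live in this same closure.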

Notification events

If your app notifications contain sensitive data, use the Shake.setNotificationEventsFilter() method to obfuscate only the sensitive parts of those notifications, or to entirely prevent certain notifications from being logged.

For example, if you'd like to obfuscate the description of a notification event that contains an e-mail, do this:

AppDelegate.swift
import Shake
func setupNotificationFilter() {
    Shake.notificationEventsFilter = { (notificationEvent) in
        // Mask the description of notifications that carry an e-mail address.
        if notificationEvent.title.contains("E-mail changed") {
            notificationEvent.description = "***@gmail.com"
        }
        return notificationEvent
    }
}

If you do not want to track a specific notification event, return nil from notificationEventsFilter, as shown below:

AppDelegate.swift
import Shake
func setupNotificationFilter() {
    Shake.notificationEventsFilter = { (notificationEvent) in
        // Returning nil keeps this notification out of the Shake report entirely.
        if notificationEvent.title.contains("E-mail changed") {
            return nil
        }
        return notificationEvent
    }
}

To clear the notification events filter, use Shake.notificationEventsFilter = nil

Automatically redacted sensitive data

By default, Shake uses a series of regular expressions to redact sensitive data from notifications, touch events and network requests. In addition, Shake replaces any header value with the data_redacted string if the header's key matches any of the keywords below:

  • password
  • secret
  • passwd
  • api_key
  • apikey
  • access_token
  • auth_token
  • credentials
  • mysql_pwd
  • stripetoken
  • Authorization
  • Proxy-Authorization
  • card[number]

To disable this feature use the method below:

AppDelegate.swift
Shake.configuration.isSensitiveDataRedactionEnabled = false