MobAIsec

Threat Intelligence

Screen Capture & Recording Protection

Severity: high · Privacy / Fraud · Display / UI

Affected: Mobile Banking · MFA flows · Corporate banking

Threat Intelligence · Privacy · FLAG_SECURE

Screen recording malware, accessibility services and MediaProjection abuse capture banking screens — exfiltrating OTPs, balances and transaction confirmations.

  • OTP Theft Risk: High (Screen recording)
  • GDPR Relevance: Yes (PII on screen)
  • Fix Complexity: Low (FLAG_SECURE)
  • Audit Finding Rate: Common (Missing on 1 screen)

Attack chain

Typical exploitation path in mobile banking

1. Record permission
2. Open bank app
3. Capture frames
4. Extract OTP
5. Complete fraud

Kill Chain

How this attack happens

End-to-end attack timeline observed in mobile banking incidents.

Step 1: Capture permission. Malware obtains recording or a11y access.

Step 2: Banking session. User opens app — sensitive UI visible.

Step 3: Frame capture. Screens streamed to attacker C2.

Step 4: OTP / PII extract. OCR or manual extraction of codes.

Step 5: Fraud completion. Attacker completes transfer with OTP.

Business Impact

Impact on financial institutions

Operational, financial and regulatory consequences for BFSI.

Estimated severity: critical

  • OTP Capture (critical impact): MFA defeated via screen recording.
  • PII Exposure (high impact): Balances and account numbers leaked.
  • GDPR Violations (high impact): Uncontrolled processing of personal data.

SOC Intelligence

Observed risk signals

Typical APK assessment findings mapped to this threat.

Live assessment index

  • critical: FLAG_SECURE missing on OTP screen
  • high: No screen recording detection
  • medium: App visible in recents unblurred

Detection

How MobAIsec detects this threat

Four-phase governance pipeline — deterministic evidence only.

Phase 1

Static Analysis

  • FLAG_SECURE per activity audit
  • MediaProjection detection code

Phase 2

Governance Mapping

  • MASVS-PLATFORM-3
  • GDPR security of processing

Phase 3

Evidence Collection

  • Sensitive activity manifest map
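
A minimal sketch of the per-activity FLAG_SECURE audit and sensitive-activity manifest map listed above, as an added example (not MobAIsec's implementation). It assumes a decoded AndroidManifest.xml and decompiled Java sources; the `com.example.bank` classes and all function names are constructed for illustration, and a simple superclass name is assumed to live in the activity's own package.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# setFlags(...FLAG_SECURE...) or addFlags(...FLAG_SECURE...) within one statement
SECURE_CALL = re.compile(r"\b(?:setFlags|addFlags)\s*\([^;]*\bFLAG_SECURE\b")
SUPERCLASS = re.compile(r"\bclass\s+\w+\s+extends\s+([\w.]+)")

def declared_activities(manifest_xml):
    """Fully-qualified names of every <activity> in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    pkg = root.get("package", "")
    names = [a.get(ANDROID_NS + "name", "") for a in root.iter("activity")]
    return [pkg + n if n.startswith(".") else n for n in names]

def sets_flag_secure(cls, sources, seen=()):
    """True if cls, or a superclass present in sources, sets FLAG_SECURE."""
    src = sources.get(cls)
    if src is None or cls in seen:      # framework class or inheritance loop
        return False
    if SECURE_CALL.search(src):
        return True
    parent = SUPERCLASS.search(src)
    if parent is None:
        return False
    name = parent.group(1)
    if "." not in name:                 # assumption: simple names share the package
        name = cls.rsplit(".", 1)[0] + "." + name
    return sets_flag_secure(name, sources, seen + (cls,))

def audit(manifest_xml, sources):
    """Map each declared activity to whether FLAG_SECURE coverage was found."""
    return {a: sets_flag_secure(a, sources) for a in declared_activities(manifest_xml)}

# Constructed sample input (not from a real app).
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.bank"><application>
  <activity android:name=".LoginActivity"/>
  <activity android:name=".OtpActivity"/>
  <activity android:name="com.example.bank.PaymentActivity"/>
</application></manifest>"""
FLAG = "WindowManager.LayoutParams.FLAG_SECURE"
SOURCES = {
    "com.example.bank.SecureBaseActivity": "public class SecureBaseActivity extends Activity {"
        f" void onCreate(Bundle b) {{ getWindow().setFlags({FLAG}, {FLAG}); super.onCreate(b); }} }}",
    "com.example.bank.LoginActivity": "public class LoginActivity extends SecureBaseActivity { }",
    "com.example.bank.OtpActivity": "public class OtpActivity extends Activity { }",
    "com.example.bank.PaymentActivity": "public class PaymentActivity extends Activity {"
        f" void onCreate(Bundle b) {{ getWindow().addFlags({FLAG}); }} }}",
}
```

Calling `audit(MANIFEST, SOURCES)` reports `OtpActivity` as uncovered, while `LoginActivity` is covered through its base class. A match shows only that the flag is set somewhere in the class, so activities reported as covered still need a runtime check.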

Mitigation

Recommended banking controls

Layered defenses with coverage, effort and effectiveness ratings.

FLAG_SECURE

Coverage: High

Protects: Screenshot / most recording

Effort: Low

Effectiveness: 78%

All auth, OTP, payment screens.

Recording Detection

Coverage: Medium

Protects: Active MediaProjection

Effort: Medium

Effectiveness: 65%

Combine with RASP on Android 14+.

Regulatory Intel

Banking regulations requiring this protection

Compliance confidence and mapped control counts per jurisdiction.

  • UAE (CBUAE): mandatory. Compliance confidence: 94%. 12 mapped controls.
  • India (RBI): recommended. Compliance confidence: 88%. 9 mapped controls.
  • Singapore (MAS): required. Compliance confidence: 96%. 11 mapped controls.
  • EU (EBA / PSD2): required. Compliance confidence: 91%. 10 mapped controls.

Framework Alignment

Security framework alignment

How this threat maps across MASVS, OWASP Mobile, PCI DSS, PSD2, NIST and DORA.

Control · MASVS · OWASP Mobile · PCI DSS · PSD2 · NIST · DORA
Screen protection

Executive Summary

Executive risk summary

Board-ready risk dimensions and impact heatmap.

Risk score: 45

Lower = higher residual risk

Likelihood: 70%
Impact: 80%
Exploitability: 72%
Compliance Risk: 75%

Impact heatmap

OTP theft: L 75%, I 88%

Vendor Intel

Enterprise protection vendors

RASP, attestation and device-trust solutions for banking programs.

Promon SHIELD

Best for banking RASP

Enterprise

Banking: excellent

Pros

  • Deep overlay + root detection
  • Banking reference customers

Limitations

  • Enterprise pricing
  • Integration effort

Approov

Strong API integrity

Enterprise

Banking: excellent

Pros

  • Runtime attestation
  • Certificate pinning as a service

Limitations

  • Less native UI protection

APK Preview

APK threat intelligence preview

Sample assessment output for Screen Capture exposure.

Simulated report

Risk score: 45 / 100

1 critical finding

Observed risks

  • FLAG_SECURE absent on MFA

Mapped controls

MASVS-PLATFORM · GDPR

FAQ

Threat intelligence FAQ

SEO-optimized answers for security and governance teams.

Does FLAG_SECURE prevent all screen capture?

It prevents screenshots and most screen recording on protected activities but should be combined with recording detection for comprehensive protection.
