Implement security flags #908

@seisvelas

The Cure53 report recommended we implement the following security flags:

FLAG_SECURE

This flag blocks manual screenshots and screen recording of a window. I'm not sure what your opinions are on this. I can imagine users sometimes wanting to screenshot something from an email on their phone, in which case this 'feature' would be annoying. On the other hand, I understand the reasoning behind it.

Ideally we could just use it where we need it, but it operates by window, not by view. So if you want to just use it in one place, that needs to be a separate window.

filterTouchesWhenObscured

The Cure53 report explains this flag very well:

> The filterTouchesWhenObscured security flag for views protects against so-called Tapjacking attacks. A malicious app can overlap the currently active app with a hidden screen overlay. The latter would need to have the ability to intercept data entered into the underlying app. Once the flag is set, a view will no longer receive touches when it is obscured by another window, therefore making this attack infeasible.

This one seems like a really good idea. Note that I am totally ignorant about Android development so please let me know if I'm badly misunderstanding anything.
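For reference, an added sketch (not part of the original issue and not the project's code) of how the two flags could be applied, given that FLAG_SECURE is per window and filterTouchesWhenObscured is per view. The class names `HardenedActivity` and `PrivateKeyActivity`, the `blockScreenshots` switch and the log tag are assumptions made for illustration.

```kotlin
import android.app.Activity
import android.os.Bundle
import android.util.Log
import android.view.MotionEvent
import android.view.View
import android.view.WindowManager

// Hypothetical base class; screens inherit from it instead of Activity.
abstract class HardenedActivity : Activity() {

    // FLAG_SECURE covers the whole window, so a screen opts in as a unit.
    protected open val blockScreenshots: Boolean = false

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        if (blockScreenshots) {
            // Set in onCreate, before the subclass attaches its content view.
            window.setFlags(
                WindowManager.LayoutParams.FLAG_SECURE,
                WindowManager.LayoutParams.FLAG_SECURE
            )
        }
    }

    override fun onPostCreate(savedInstanceState: Bundle?) {
        super.onPostCreate(savedInstanceState)
        // The subclass has called setContentView() by now. Setting the flag
        // on the content root is enough for this window: a ViewGroup applies
        // the filter before it dispatches a touch to its children.
        val root: View = findViewById(android.R.id.content)
        root.filterTouchesWhenObscured = true
    }

    override fun dispatchTouchEvent(ev: MotionEvent): Boolean {
        // The framework marks touches that arrive while another visible
        // window covers this one; log them so tapjacking attempts show up.
        if (ev.flags and MotionEvent.FLAG_WINDOW_IS_OBSCURED != 0) {
            Log.w("HardenedActivity", "Obscured touch received; view filter will drop it")
        }
        return super.dispatchTouchEvent(ev)
    }
}

// Hypothetical sensitive screen: the only place screenshots are blocked.
class PrivateKeyActivity : HardenedActivity() {
    override val blockScreenshots = true
}
```

Dialogs and popups are separate windows, so each needs its own FLAG_SECURE and its own filtered root view.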
