Redact sensitive data

Ensure secure remote screen viewing using the redaction API to automatically block sensitive data such as credit card details, social security numbers and more.

When remotely viewing a user's screen, there may be certain sensitive data that should not be viewable by the agent.

For this purpose, we provide a redaction API that automatically blocks out on device all sensitive data sources such as credit cards, social security numbers, etc. When certain data is redacted, it will never leave the user's device.

Cobrowse provides two methods for redacting sensitive data in your applications:

1. Define the redacted views in your app source code (recommended)

This is the recommended method as it will make sure your redactions are tied to application or websites code version.

Redactions are defined as CSS selectors, passed as an array to the Cobrowse SDK. We recommend using a simple css class to signify redaction where possible, although more complex selectors will also work.

CobrowseIO.redactedViews = ['.redacted', ...some other selectors...]

Our web SDK also supports an un-redaction mechanism, where by you can define sub-elements inside of a redacted element that should be visible to the agent. You can specify un-redaction selectors like this:

CobrowseIO.unredactedViews = ['.unredacted', ...some other selectors...]

Implement the CobrowseIORedacted protocol on any UIViewController that contains sensitive views. This protocol contains one method:

// From this method you should return a list of the views you want
// Cobrowse to redact, for example:
- (NSArray*) redactedViews {
    return @[ redactedTextView ];
}

If making changes to your UIViewController subclasses isn't an option, we also support a delegate style method to allow you to supply this information in one place. Implement cobrowseRedactedViewsForViewController in your CobrowseIODelegate class, then you can pass redacted views for a specific UIViewController in a single method:

-(NSArray<UIView*>*) cobrowseRedactedViewsForViewController:(UIViewController*) vc {
    NSMutableArray<UIView*>* redacted = [[NSMutableArray alloc] init];
    // Return a list of redacted views for a provided UIViewController
    return redacted;
}

Redaction of SwiftUI views

To redact any SwiftUI view please use the .redacted() view modifier supplied by the Cobrowse iOS SDK v2.30.0 +.

The example below will redact the Text view that displays the email address.

struct AccountView: View {
    
    let name: String
    let email: String
    
    var body: some View {
        VStack {
            Text(name)
                .font(.largeTitle)
            
            Text(verbatim: email)
                .font(.title2)
                .redacted()
        }
    }
}

You can add the .redacted() view modifier to views that contain child views like VStack and the entire stack will be redacted.

struct AccountView: View {
    
    let name: String
    let email: String
    
    var body: some View {
        VStack {
            Text(name)
                .font(.largeTitle)
            
            Text(verbatim: email)
                .font(.title2)
        }
        .redacted()
    }
}

Redaction by default

Sometimes you may want to redact everything on the screen, then selectively "unredact" only the parts your support agents should be able to see. This is particularly useful on applications that require a higher privacy standard or where only specific sections of the App should be visible to the agent.

To achieve this, you'll need to follow the delegate implementation and ensure you pass the all your applications root views to the Cobrowse redaction delegate method:

-(NSArray<UIView*>*) cobrowseRedactedViewsForViewController:(UIViewController*) vc {
    return @[self.window.rootViewController.view];
}

Once you've done this, your application root views will be redacted by default and you'll be able to un-redact child components to make them visible to the agents by implementing cobrowseUnredactedViewsForViewController in your CobrowseIODelegate class:

-(NSArray<UIView*>*) cobrowseUnredactedViewsForViewController:(UIViewController *) vc {
    UIView *unredacted = [self findViewByAccessibilityLabel:self.window:@"viewToBeUnredacted"];
    if (unredacted) {
        return @[unredacted];
    }
    return @[];
}

Alternatively, you can implement CobrowseIOUnredacted protocol in your UIViewController subclasses:

-(NSArray*) unredactedViews {
    return @[viewToBeUnredacted];
}

Redaction of WebView content

Your app may show web content that contains elements that you wish to redact. This can be achieved by setting the webviewRedactedViews property to an array of CSS selectors that identify the elements to be redacted.

CobrowseIO.instance.webviewRedactedViews = @[ @".redacted", ...some other selectors... ];

Implement the CobrowseIO.Redacted interface on any Activity that contains sensitive views. This interface contains one method:

// From this method you should return a list of the views you want
// Cobrowse to redact, for example:
public List<View> redactedViews() {
    List<View> redacted = new ArrayList<>();
    redacted.add(findViewById(R.id.redact_me));
    return redacted;
}

If making changes to your Activity classes isn't an option, we also support a delegate style method to allow you to supply this information in one place. Implement CobrowseIO.RedactionDelegate interface in your CobrowseIO.Delegate class, then you can pass redacted views for a specific Activity in a single method:

@Override
public List<View> redactedViews(@NonNull Activity activity) {
    List<View> redacted = new ArrayList<>();
    // Return a list of redacted views for a provided activity
    return redacted;
}

Redaction of Jetpack Compose UI

Redaction for Jetpack Compose UI is shipped in a separate library on Maven Central:

dependencies {
    // ... other dependencies ...
    implementation 'io.cobrowse:cobrowse-sdk-android:2.+'
    implementation 'io.cobrowse:cobrowse-sdk-android-compose-ui:2.+'
}

You are required to use the same version of the Cobrowse.io SDK and Compose UI redaction artifacts. Using different versions of Cobrowse.io SDK artifacts is not supported.

Apply Modifier.redacted() to your composable to be redacted, like so:

import io.cobrowse.redacted

Text("Redacted label",
     modifier = Modifier
         .background(Color.Red)
         // Other modifiers...
         .redacted())

Redaction by default

To achieve this, you'll need to follow the delegate implementation and ensure you pass the all your applications root views to the Cobrowse redaction delegate method:

@Override
public List<View> redactedViews(@NonNull Activity activity) {
    return new ArrayList<View>() {{
        add(activity.getWindow().getDecorView());
    }};
}

Once you've done this, your application root views will be redacted by default and you'll be able to un-redact child components to make them visible to the agents by implementing CobrowseIO.UnredactionDelegate in your CobrowseIO.Delegate class:

@Override
public List<View> unredactedViews(@NonNull Activity activity) {
    return new ArrayList<View>(){{
        if (findViewById(R.id.view_to_be_unredacted) != null)
            add(findViewById(R.id.view_to_be_unredacted));
    }};
}

Alternatively, you can implement CobrowseIO.Unredacted interface in your Activity subclasses:

@Override
public List<View> unredactedViews() {
    return new ArrayList<View>(){{
        if (findViewById(R.id.view_to_be_unredacted) != null)
            add(findViewById(R.id.view_to_be_unredacted));
    }};
}

Redaction of WebView content

CobrowseIO.instance().webviewRedactedViews(new String[] { ".redacted",  ...some other selectors... });

To redact an element in your RN application you can wrap it in a tag provided by the Cobrowse module:

import { Redacted } from 'cobrowse-sdk-react-native';

// ...
<View style={styles.container}>
    <Redacted>
        <Text style={styles.instructions}>This text should be secret</Text>
    </Redacted>
</View>

Redaction by default

To achieve this, you'll need to follow the delegate implementation and ensure you pass the all your applications root views to the Cobrowse redaction delegate methods for iOS and Android.

Listening for events

Once you've done this, your application root views will be redacted by default and you'll be able to un-redact child components to make them visible to the agents:

import { Unredacted } from 'cobrowse-sdk-react-native';
// ...

<View style={styles.container}>
    <Text>This text should be secret due to the redaction by default implementation</Text>
    <Unredacted>
        <Text>This text will be visible to the agents because it's wrapped with an Unredacted component</Text>
        <Redacted>
            <Text>You can also nest redacted elements inside unredacted ones. This text will be hidden to the agents.</Text>
        </Redacted>
    </Unredacted>
</View>

Redaction of WebView content

CobrowseIO.webviewRedactedViews = [ '.redacted', ...some other selectors... ];

Redacting views outside React Native

Finally, within React Native some packages will render in new Windows/Root Views. You can follow the same delegate implementation to identify this views and redact or unredact them by default as required. You can check the provided examples for iOS and Android which redact by default the React Native Dev menu keeping one of the options unredacted to illustrate the technique.

To redact an element in your Flutter application you can wrap it in a widget provided by the SDK:

Redacted(child: TextField(/* TextField properties */))

The widget will be redacted for both client and agent during an active screensharing session. Both client and agent will not be able to interact with it during a session.

iOS implementation

Implement the ICobrowseIORedacted interface on any UIViewController that contains sensitive views. This interface contains one RedactedViews property:

public partial class ViewController : UIViewController, ICobrowseIORedacted
{
    // From this property you should return a list of the views you want Cobrowse to redact, for example:
    public UIView[] RedactedViews
        => new[] { redactedTextView };
}

Android implementation

Implement the CobrowseIO.IRedacted interface on any Activity that contains sensitive views. This interface contains one method:

[Activity]
public class MainActivity : AppCompatActivity, CobrowseIO.IRedacted
{
    // From this method you should return a list of the views you want Cobrowse to redact, for example:
    public IList<View> RedactedViews()
    {
        return new[]
        {
            FindViewById(Resource.Id.redact_me)
        }
    }
}

MAUI implementation

Create a new Effect which then will be used to redact certain MAUI views:

public class CobrowseRedactedViewEffect : RoutingEffect
{
    public bool IsRedacted { get; set; } = true;
}

Create the following iOS-specific classes:

public class CobrowseRedactionDelegate
    : Cobrowse.IO.CobrowseDelegateImplementation
{
    public override UIView[] RedactedViewsForViewController(UIViewController vc)
        => PlatformCobrowseRedactedViewEffect.RedactedViews;
}

public class PlatformCobrowseRedactedViewEffect : PlatformEffect
{
    private static readonly List<UIView> sRedacted = new List<UIView>();

    public static UIView[] RedactedViews => sRedacted.ToArray();

    public PlatformCobrowseRedactedViewEffect()
    {
    }

    protected override void OnAttached()
    {
        AddToRedacted(Container);
    }

    protected override void OnDetached()
    {
        RemoveFromRedacted(Container);
    }

    private static void AddToRedacted(UIView view)
    {
        if (view == null)
        {
            return;
        }
        sRedacted.Add(view);
    }

    private static void RemoveFromRedacted(UIView view)
    {
        if (view == null)
        {
            return;
        }
        if (sRedacted.Contains(view))
        {
            sRedacted.Remove(view);
        }
    }
}

Android-specific classes:

public class CobrowseRedactionDelegate
    : Cobrowse.IO.CobrowseDelegateImplementation,
    Cobrowse.IO.Android.CobrowseIO.IRedactionDelegate
{
    public IList<AView>? RedactedViews(Activity activity)
        => PlatformCobrowseRedactedViewEffect.RedactedViews;
}

public class PlatformCobrowseRedactedViewEffect : PlatformEffect
{
    public PlatformCobrowseRedactedViewEffect()
    {
    }
    private static readonly List<AView> sRedacted = new List<AView>();

    public static IList<AView> RedactedViews => sRedacted;

    protected override void OnAttached()
    {
        AddToRedacted(Control ?? Container);
    }

    protected override void OnDetached()
    {
        RemoveFromRedacted(Control ?? Container);
    }

    private static void AddToRedacted(AView view)
    {
        if (view == null)
        {
            return;
        }
        sRedacted.Add(view);
    }

    private static void RemoveFromRedacted(AView view)
    {
        if (view == null)
        {
            return;
        }
        if (sRedacted.Contains(view))
        {
            sRedacted.Remove(view);
        }
    }
}

Make sure the delegates you just created are passed into the Cobrowse.io SDK after the SDK is started:

public partial class App : Application
{
    public App()
    {
        InitializeComponent();

        CobrowseIO.Instance.License = "<your license key>";
        CobrowseIO.Instance.Start();

#if ANDROID
        Cobrowse.IO.Android.CobrowseIO.Instance.SetDelegate(new YourNamespace.Platforms.Android.CobrowseRedactionDelegate());
#elif IOS
        Cobrowse.IO.iOS.CobrowseIO.Instance.SetDelegate(new YourNamespace.Platforms.iOS.CobrowseRedactionDelegate());
#endif
    }

Last, utilize the created effect like this:

<ContentPage xmlns:local="clr-namespace:YourNamespace">
...
    <Label Text="This label is redacted">
        <Label.Effects>
            <local:CobrowseRedactedViewEffect />
        </Label.Effects>
    </Label>
...
</ContentPage>

Redaction of WebView content

Your app may show web content that contains elements that you wish to redact. This can be achieved by setting the WebViewRedactedViews property to an array of CSS selectors that identify the elements to be redacted.

CobrowseIO.Instance.WebViewRedactedViews = new string[] { ".redacted", ...some other selectors... };

2. Use the Cobrowse web dashboard to define redacted views

This mechanism is provided as a fallback, use the SDK APIs when possible for maximum resiliency and efficiency.

You can also define redactions using a selector entered into the web dashboard. This can be useful if your app is already in production and you need to redact a field retrospectively, either due to a missed redaction entry in the app build or changing requirements. Visit the dashboard settings to enter redaction selectors.

Enter your css selectors, e.g. .redacted-class or #redacted-id.

Enter your objective-C class name and/or view id, e.g. ClassName#id or just #id.

ClassName is the name of the UI class, and id is the integer tag of the view object.

Enter your tag of the view class and/or the identifier name for the view, e.g. tag#id or just #id.

tag is the simple name of the view class, #id can usually be found in the XML layout like so android:id="@+id/here_is_the_id. The #id must be able to be used with system android.view.View#findViewById() and android.app.Activity#findViewById() methods.

PreviousUse 6-digit codes NextViewing PDFs

Last updated 6 days ago