Thanks for the report. This isn't something we'd usually consider a security vulnerability, but it may still be a bug. Adding the security UX team in case they're interested.

Louis, you fixed similar bug (521131), could you please take a look at this one.

Claude, Lindsay, by any chance do you know if this is a regression?

Weird, the incognitoBlocker (https://cs.chromium.org/chromium/src/ios/chrome/app/application_delegate/app_state.mm?q=incognitoblocker&sq=package:chromium&l=195&dr=C) is correctly added and even inspecting the app UI when the screen is being locked shows the overlay.

Apple says to modify the UI in applicationDidEnterBackground (http://stackoverflow.com/a/18961652), which is what we do. Do they take the snapshot differently when locking the screen?

I'd be interested if this is only in iOS 10, or if it was there all along.

Note to repro I disabled the passcode (not sure if really necessary though).

This is an iOS/UIKit bug as I repro on the attached project.

Deleted: TestScreenshot.zip 25.8 KB

TestScreenshot.zip 25.8 KB Download

Area:
UIKit

Summary:
System screenshot taken before applicationDidEnterBackground leaks private data when locking screen

In https://developer.apple.com/library/content/documentation/iPhone/Conceptual/iPhoneOSProgrammingGuide/BackgroundExecution/BackgroundExecution.html#//apple_ref/doc/uid/TP40007072-CH4-SW8, there is this recommandation:

Remove sensitive information from views before moving to the background. When an app transitions to the background, the system takes a snapshot of the app’s main window, which it then presents briefly when transitioning your app back to the foreground. Before returning from your applicationDidEnterBackground: method, you should hide or obscure passwords and other sensitive personal information that might be captured as part of the snapshot.

This is correct when switching apps, but is broken when first locking the screen and when switching orientations. Please follow the repro steps closely with the minimalistic project attached.

Steps to Reproduce:
1. Launch Safari in portrait (to load an app that supports landscape orientation in the multitasking tray).
2. Launch the dummy app TestScreenshot in portrait. It shows "PRIVATE!".
3. Rotate to landscape.
4. Lock the screen. applicationDidEnterBackground is called and changes the label to "Concealed".
5. Unlock the screen.
6. Rotate to portrait.
7. Switch to Safari.
8. Rotate to landscape.
9. Double tap the Home button.

Expected Results:
The landscape screenshot for TestScreenshot shows "Concealed".

Actual Results:
The landscape screenshot for TestScreenshot shows "PRIVATE!".

Version:
iOS 10.1 and iOS 10.2. Others not tested.

Configuration:
iPhone 5S

Attachments:
'TestScreenshot.zip' and 'Screen Shot 2017-01-12 at 20.17.57.png' were successfully uploaded.

Removing milestone.

lpromero: can you put the radar number in the bug so i can escalate to apple?

Lowering to P2 since it requires an OS fix. 

rdar://657297451

This is reproducible on iOS 9.3.5 on iPhone 6 on build 58.0.3029.33dev

Looks fixed on iOS 11. I tested on iPhone 7 Plus iOS 11.1.1 and iPhone X 11.1.2.