System Sharing Suppression
| Plan | Platforms | MASVS |
|---|---|---|
| Team | iOS | MASVS-STORAGE-2, MASVS-PLATFORM-1 |
Overview
System Sharing Suppression prevents high-risk data exfiltration activities from being accessible in the iOS share sheet, document interaction menus, and print dialogs for views marked as sensitive. When enabled, the SDK automatically suppresses risky sharing activities (AirDrop, Print, Save to Camera Roll, Copy to Clipboard, Mail, Messages, and Assign to Contact) from any share UI presented within sensitive view controllers.
This control is essential for applications handling confidential data where users should be able to share some content (e.g., via approved channels) but must not be able to exfiltrate sensitive screens via system-level sharing mechanisms.
How It Works
The control operates on an opt-in basis: only view controllers explicitly marked as sensitive are protected. Non-sensitive views continue to function normally with full system sharing capabilities.
Marking Views Sensitive
Use the MobileDefender API to mark individual view controllers as containing sensitive content:
// Swift
MobileDefenderLibrary.markSensitiveViewController(myViewController)
// Objective-C
[MobileDefenderLibrary markSensitiveViewController:myViewController];
Once marked, any share sheet, document interaction controller, or print dialog presented from that view controller (or its child view controllers) will have high-risk activities automatically suppressed.
Activities Suppressed
When a share sheet (UIActivityViewController) is presented from a sensitive view controller, the following activities are automatically excluded:
| Activity | System Identifier | Risk |
|---|---|---|
| AirDrop | UIActivityTypeAirDrop | Wireless file transfer to nearby devices |
| Print | UIActivityTypePrint | Physical or PDF output of content |
| Save to Camera Roll | UIActivityTypeSaveToCameraRoll | Saves content to photo library |
| Copy | UIActivityTypeCopyToPasteboard | Exposes content to clipboard (cross-app) |
| Mail | UIActivityTypeMail | Attaches content to email |
| Messages | UIActivityTypeMessage | Attaches content to iMessage/SMS |
| Assign to Contact | UIActivityTypeAssignToContact | Saves image as contact photo |
These activities are merged with any exclusions your application already specifies. Your app's existing excludedActivityTypes list is preserved.
Additional Protections
Beyond the share sheet, the control also blocks:
- UIDocumentInteractionController menus (Open In, Preview) when presented from sensitive views
- UIPrintInteractionController dialogs when invoked from sensitive views
Threats Mitigated
- Trivial Exfiltration: Prevents users or malicious actors from quickly exfiltrating sensitive on-screen content via system-provided sharing mechanisms
- Clipboard Leakage: Eliminates the Copy action in share sheets, preventing sensitive data from being placed on the system clipboard where other apps can access it
- Physical Evidence: Blocks printing and saving to camera roll, preventing creation of persistent physical or digital copies
- Uncontrolled Network Transfer: Suppresses AirDrop, Mail, and Messages, preventing sensitive content from leaving the device via unmonitored channels
Use Cases
- Financial Services: Suppress sharing for screens displaying account numbers, balances, transaction details, or personal identification
- Healthcare: Protect patient records, medical images, or prescription information
- Enterprise: Prevent sharing of confidential business data, internal reports, or employee information
- Legal: Protect attorney-client privileged documents or case files
Caveats
Opt-In Only
The control does not automatically detect which views are sensitive. You must explicitly mark view controllers using the markSensitiveViewController: API. Unmarked view controllers will have full system sharing capabilities.
Host-Controlled Sharing
This control only affects system-provided sharing UI (UIActivityViewController, UIDocumentInteractionController, UIPrintInteractionController). It does not:
- Block custom sharing implementations built by your app or third-party SDKs
- Prevent screenshots or screen recording (see ScreenshotPrevention and ScreenRecordingPrevention for those features)
- Block network requests or file I/O initiated by your application code
User Experience
Suppressing sharing activities reduces the number of options available in the share sheet. Ensure this aligns with your app's security policy and user expectations. Consider providing in-app messaging explaining why certain sharing options are unavailable for sensitive content.
Child View Controllers
The sensitive tag propagates to child view controllers via parentViewController traversal. If a navigation controller is marked sensitive, all pushed view controllers inherit the protection.
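The merge rule from "Activities Suppressed" and the parentViewController traversal described above can be modelled in a few lines. This is an added illustration, not MobileDefender's own code: SensitivityRegistry and all of its members are hypothetical names, and only the seven activity types come from the table on this page.

```swift
import UIKit

// Illustrative model only; SensitivityRegistry and its members are
// hypothetical names, not MobileDefender API.
enum SensitivityRegistry {
    // The seven identifiers listed in the "Activities Suppressed" table.
    static let highRisk: [UIActivity.ActivityType] = [
        .airDrop, .print, .saveToCameraRoll, .copyToPasteboard,
        .mail, .message, .assignToContact
    ]

    // Weak references so marking a controller never extends its lifetime.
    private static let marked = NSHashTable<UIViewController>.weakObjects()

    static func mark(_ vc: UIViewController) { marked.add(vc) }

    // Walk the containment chain: the controller itself, then each `parent`.
    // UIKit leaves `parent` nil for a controller that is only presented
    // modally, so such a controller is not reached through this walk.
    static func isSensitive(_ vc: UIViewController) -> Bool {
        var current: UIViewController? = vc
        while let node = current {
            if marked.contains(node) { return true }
            current = node.parent
        }
        return false
    }

    // Union of the app's own exclusions and the high-risk set, keeping the
    // app's order and adding no duplicates, so existing exclusions survive.
    static func mergedExclusions(
        existing: [UIActivity.ActivityType]?
    ) -> [UIActivity.ActivityType] {
        var result = existing ?? []
        for type in highRisk where !result.contains(type) { result.append(type) }
        return result
    }

    // Apply the merged list only when the presenter sits in a marked hierarchy.
    static func harden(_ sheet: UIActivityViewController,
                       presentedFrom presenter: UIViewController) {
        guard isSensitive(presenter) else { return }
        sheet.excludedActivityTypes =
            mergedExclusions(existing: sheet.excludedActivityTypes)
    }
}
```

Because a modally presented controller has no parent in UIKit, marking such controllers directly with markSensitiveViewController: avoids relying on inheritance for screens that are presented rather than pushed or embedded.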
Support Matrix
| Platform | Minimum Version | Status |
|---|---|---|
| iOS | 12.0+ | ✅ Supported |
| Android | — | ❌ Not available |
How to Enable the Control
Navigate to Preventative Controls from the AppTego portal, and expand the Data Sharing Protection section. Under this section you will find the System Sharing Suppression control. Click Enable to apply it to the next build, or to have it applied with a live push (if enabled).
API Configuration Example
{
    "SystemSharingPrevention": {
        "protection": true,
        "detection": false
    }
}
- protection: true — Enable sharing suppression for marked sensitive views (recommended)
- protection: false — No suppression; all views have full system sharing capabilities
- detection — Currently unused; included for schema consistency
Integration Example
Swift
import UIKit
import MobileDefender

class SensitiveViewController: UIViewController {
    // Placeholder for the content this screen shares
    private let sensitiveData = "Sensitive content"

    override func viewDidLoad() {
        super.viewDidLoad()
        // Mark this view controller as containing sensitive content
        MobileDefenderLibrary.markSensitiveViewController(self)
    }

    @IBAction func shareButtonTapped(_ sender: UIButton) {
        let activityVC = UIActivityViewController(
            activityItems: [sensitiveData],
            applicationActivities: nil
        )
        // High-risk activities automatically excluded by MobileDefender
        // No code changes needed to your share sheet logic
        present(activityVC, animated: true)
    }
}
Objective-C
#import <MobileDefender/MobileDefender.h>

@implementation SensitiveViewController

- (void)viewDidLoad {
    [super viewDidLoad];
    // Mark this view controller as containing sensitive content
    [MobileDefenderLibrary markSensitiveViewController:self];
}

- (IBAction)shareButtonTapped:(UIButton *)sender {
    UIActivityViewController *activityVC = [[UIActivityViewController alloc]
        initWithActivityItems:@[self.sensitiveData]
        applicationActivities:nil];
    // High-risk activities automatically excluded by MobileDefender
    [self presentViewController:activityVC animated:YES completion:nil];
}

@end
Telemetry
When a share sheet is suppressed, the SDK logs a system_share_blocked event containing:
- Presenter view controller class name
- Excluded activity types
- Timestamp
This telemetry is sent via MobileDefenderMain.sendLog:data: and can be used for compliance auditing or security monitoring.