How to Update Mobile Privacy Settings in Fullstory

Who can use this feature?
- Available with Mobile add-on. 
- Requires an Admin role to configure. 

Understand the basics of Fullstory privacy capabilities and feel confident utilizing them with our Privacy in Fullstory course. Log in with your Fullstory credentials.

This article will guide you through how to control privacy via the Fullstory application when capturing data for mobile applications. The following topics will be covered:

Updating element data capture rules for mobile

By default, all text nodes will be masked until you choose to either unmask or exclude selectors in the privacy settings at Settings > Data Capture and Privacy > Privacy.

Before getting into how to update Privacy Settings for Fullstory for Mobile Apps, it's worth clarifying the following terminology: Excluding and Masking. User input within a masked or excluded element will not be searchable within Fullstory

Excluding elements

View “exclusion” refers to the existing process of completely removing a view node and its subtree from the data capture stream. It is replaced with a placeholder node that shows only a rectangle where the original node was displayed. All events targeting it are ignored. This is done upon request using a “blacklist” of nodes to be excluded.

exclusion_example.png 

Masking elements

View “masking” is the new approach to masking sensitive end-user data from the view hierarchy. A masked node will have all text replaced with irreversibly-transformed placeholder text, meant to resemble a wireframe of the original content. Any view metadata required for rendering, but not containing end-user data, will be preserved. This allows masked and captured nodes to be nested in one another in a way that’s not possible with excluded nodes.

masking_example.png

The element data capture user interface

While the Element Data Capture rules for mobile clients article serves as a detailed guide for how to create element data capture rules for mobile, the content below provides a brief overview of what it looks like when click Create Rule from the Element data capture rules section at Settings > Data Capture and Privacy > Privacy.

image (28).png

  • Exclude element entirely:The inner contents of the element are not captured. Additionally, any clicks, taps or interactions with this element will not be visualized in playback and will not be searchable. Excluded elements are represented in playback with grey and white diagonal lines:
    exclude.png
  • Mask element: The inner contents of the element are not captured. For text nodes, the number of characters and approximate typing behavior will be captured. Taps, clicks, and other interactions will be visible in playback and will be searchable.
  • Unmask element: All element data is captured.
  • Capture with user consent: Gives you the ability to selectively capture parts of your site or application based on explicit user consent (more info).

Platform targeting

Element data capture rules can be configured to target specific platforms, allowing for more granular use of CSS selectors according to the environment.

For organizations with native mobile capture, the platform field provides the flexibility to create rules for 'Web,' 'iOS,' 'Android,' or any combination of these platforms. This feature allows you to scope privacy rules to exactly where you need them, improving performance and consistency.

For more information about creating element data capture rules for mobile apps, click here.

Creating data capture rules using Inspect Mode

In addition to using the setting page to create data capture rules, you can also use Inspect Mode while in the middle of viewing a session.

  1. While viewing a mobile app session, click Page Insights at the top of the page.
  2. Click Inspect Mode in the top right of the page.

  3. Click an element to inspect it and confirm its selector on the right.

    How to Update Privacy Settings for FullStory for Mobile Apps3.jpg

     

  4. Click Create data capture rule.

    Screenshot 2024-12-17 at 3.40.25 PM.png
     
  5.  Update the element privacy setting and click Save.

Inspect Mode - Select Entire Screen

Often, rather than individually choosing certain elements, it would be much more convenient to unmask a whole section of your application. For example, the home tab of your application might not contain any user input or identifiers. While Inspect Mode does allow you to choose containers of views to unmask, it can be a little tricky depending on how your application UI is structured.

Starting with SDK version 1.43.0, you can now select an entire screen from Inspect Mode for Android (Classic Android) and iOS Apps (UIKit).

How do I select an entire screen?

From Session Replay, go to Inspect Mode as you normally would. When you select an element, a new “Select Entire Screen” button will appear under the selector. Click that button, and it will change the selected element to the selector which maps to the screen container. From there you can create a privacy rule, name the screen element, or use the selector how you normally would from Inspect Mode.

CleanShot 2024-03-14 at 09.34.10@2x.png

What Frameworks does it support?

Currently, this feature is only supported for Android and iOS Apps built using Android Fragments, or iOS UIKit. 

How does it work? What is a screen?

Android and iOS Applications have different ways of putting content on screen. For now, Fullstory's approach considers the fundamental ways that iOS and Android applications handle navigation and drawing to a screen: 

  • On iOS, we use the main UIViewController’s root view as the root for the screen content, tied directly to what we emit as our Navigation events in the Event List.
    • While iOS doesn’t have a concept of “main” view controller, we try to choose the first non UIKit Navigation based UIViewController in a UIViewController Hierarchy.
  • On Android, we use the largest Fragment on screen

Because we approximate what the main content container is, the suggested selector may be more broad or narrow than you may have intended, so it is important to verify your unmasking rules after you’ve created them. Since these selectors have the name of your application’s UIViewController or Fragments, developers should be able to easily recognize their names in the suggested selectors, and verify that they target the correct portions of the application.

Using a code-first approach to exclude or mask elements

The above examples describe how to approach privacy from within the Fullstory platform. However, developers may prefer a code-first approach for modifying privacy settings for mobile apps.

See How to Update Mobile Privacy Settings via code for a complete guide.

Capture WebView content by domain

If your application uses WebViews, you must explicitly allow any domain you want to capture within a WebView. For security and privacy reasons, you should only allow domains under your control.

To configure domain allowlisting for WebViews, go to Settings > Data Capture and Privacy > Mobile Data Capture and click Add domain.

Managing privacy for WebView content

After allowlisting domains, you can manage privacy for content within WebViews using either a code-first approach or UI-based data capture rules:

  • Code-first approach: Add web-based privacy classes (such as .fs-exclude, .fs-mask, or .fs-unmask) directly to HTML elements within the WebView. See Managing Privacy for WebView Content for details.
  • UI-based data capture rules: Create element data capture rules in the Fullstory application using the Web platform (not iOS or Android). See Managing Privacy for Mobile WebViews for step-by-step instructions.
Was this article helpful?

Articles in this section

See more

Got Questions?

Get in touch with a Fullstory rep, ask the community or check out our developer documentation.

Technical Support Support
Ask the Community Community
Dev Docs Dev Docs