Sensitive Field Privacy Guard
Component Detail
Description
Business logic service that intercepts screen reader focus events on fields flagged as sensitive and orchestrates the warning flow. Maintains a session-level suppression state so the user is not repeatedly interrupted within a single session. Works with the SensitiveFieldConfiguration to determine which fields require guarding.
sensitive-field-privacy-guard
Summaries
The Sensitive Field Privacy Guard protects users' personal and confidential data from being read aloud in public or shared spaces when a screen reader is active. Without this safeguard, fields such as health information, payment details, or personal identifiers could be announced audibly to anyone nearby, creating a serious privacy and trust risk. By intercepting screen reader focus events and presenting a consent-based warning before revealing sensitive values, this component demonstrates a mature, user-centric approach to data privacy that goes beyond regulatory minimum requirements. It directly supports user trust and retention among users with disabilities, a segment often underserved by mobile applications.
Session-level suppression ensures the experience remains fluid without repeated interruptions.
Sensitive Field Privacy Guard is a high-complexity shared service with three dependencies: screen-reader-detection-service, sensitive-field-configuration, and sensitive-field-warning-dialog. All three must be completed and tested before this component can be integrated, making dependency sequencing a scheduling priority. The session suppression state introduces stateful behaviour that requires careful test coverage: edge cases include app backgrounding mid-session, session timeout, and rapid focus transitions between multiple sensitive fields. Plan for dedicated accessibility QA using both VoiceOver and TalkBack with a test script covering the full warning-and-suppress flow.
Because this component touches the accessibility_settings data model, any schema changes to that model require a corresponding update here.
Sensitive Field Privacy Guard implements a focus-interception pattern by subscribing to screen-reader-detection-service's stream and registering focus callbacks via semantics-wrapper-widget on fields listed in sensitive-field-configuration. guardField() evaluates isSuppressedForSession() first; if suppressed, it calls onAllowed() immediately. Otherwise it invokes sensitive-field-warning-dialog.show() and routes the user's decision to either suppressForSession() + onAllowed() or onBlocked(). Session suppression state is stored in a Map
The component reads the accessibility_settings data model to determine the configured warning behaviour (warn-once vs warn-always). All guard logic is bypassed when screen-reader-detection-service.isScreenReaderActive() returns false, ensuring zero overhead for non-AT sessions.
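The guard flow described above, written out as an added JavaScript example; it is not the project's code. The collaborator shapes (a callback-style `dialog.show(label, onDecision)`, `settings.warningBehaviour`), the field ids and labels, the pass-through for unregistered fields, and the choice that warn-always never records a suppression are assumptions.

```javascript
// Added illustration, not the project's code. Collaborators are injected stubs:
//   detector.isScreenReaderActive() -> boolean
//   dialog.show(label, onDecision)  -> calls onDecision(true|false)  (callback shape assumed)
//   settings.warningBehaviour       -> 'warn-once' | 'warn-always'   (field name assumed)
class SensitiveFieldPrivacyGuard {
  constructor({ detector, dialog, settings }) {
    this.detector = detector;
    this.dialog = dialog;
    this.settings = settings;
    this.fields = new Map();      // fieldId -> label
    this.suppressed = new Map();  // fieldId -> true; session-scoped, held in memory only
  }

  registerSensitiveField(fieldId, label) { this.fields.set(fieldId, label); }
  isSuppressedForSession(fieldId) { return this.suppressed.get(fieldId) === true; }
  suppressForSession(fieldId) { this.suppressed.set(fieldId, true); }
  clearSessionSuppressions() { this.suppressed.clear(); }

  guardField(fieldId, onAllowed, onBlocked) {
    // Bypass: no screen reader active, or field not registered as sensitive (assumption).
    if (!this.detector.isScreenReaderActive() || !this.fields.has(fieldId)) return onAllowed();
    if (this.isSuppressedForSession(fieldId)) return onAllowed();
    this.dialog.show(this.fields.get(fieldId), (accepted) => {
      if (accepted !== true) return onBlocked(); // anything but explicit consent blocks
      // Assumption: only warn-once records a suppression; warn-always asks every time.
      if (this.settings.warningBehaviour === 'warn-once') this.suppressForSession(fieldId);
      onAllowed();
    });
  }
}

// Constructed scenario: focus lands on two sensitive fields, then the session ends.
function runScenario(warningBehaviour, decisions, screenReaderActive = true) {
  const log = [];
  const guard = new SensitiveFieldPrivacyGuard({
    detector: { isScreenReaderActive: () => screenReaderActive },
    dialog: { show: (label, done) => { log.push(`warn:${label}`); done(decisions.shift()); } },
    settings: { warningBehaviour },
  });
  guard.registerSensitiveField('ssn', 'National ID');
  guard.registerSensitiveField('card', 'Card number');
  const focus = (id) => guard.guardField(id, () => log.push(`read:${id}`), () => log.push(`block:${id}`));
  focus('ssn'); focus('ssn'); focus('card');
  guard.clearSessionSuppressions(); // session end or app restart
  focus('ssn');
  return log;
}
```

Suppression is keyed per field, so accepting the warning for one field does not silence it for another, and a dialog that returns no decision is treated as a block.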
Responsibilities
- Intercept screen reader focus events for fields with the sensitive flag
- Coordinate with SensitiveFieldWarningDialog to display the alert
- Maintain per-session suppression to avoid repeated interruptions
- Reset suppression state on session end or app restart
Interfaces
guardField(fieldId, onAllowed, onBlocked)
isSuppressedForSession(fieldId)
suppressForSession(fieldId)
clearSessionSuppressions()
registerSensitiveField(fieldId, label)
Relationships
Dependencies (3)
Components this component depends on
Related Data Entities (5)
Data entities managed by this component