This work addresses the critical privacy vulnerability posed by screen re-photography attacks (S-RAHA), wherein adversaries exploit external devices to physically capture and forward sensitive on-screen content—a threat inadequately mitigated by existing screenshot protection mechanisms. To counter this, we propose the first mobile-oriented, on-device defense framework that leverages a lightweight deep learning model to detect screen re-photographed content in real time and automatically blocks suspicious forwarding attempts through on-device policies. A key innovation is the integration of an Invisible Metadata Identifier (IMI), enabling forensic tracing of leakage pathways. Experimental evaluation demonstrates that the system reliably distinguishes between original and re-photographed images across diverse environmental conditions, substantially enhancing the privacy protection of visual content on mobile platforms.

Protecting sensitive visual content from unauthorized redistribution is a growing challenge for privacy focused mobile applications, including dating platforms. Screenshot prevention mechanisms, rely on server side monitoring or are limited to digital screenshot detection, are commonly deployed to stop forwarding sensitive images. However, an adversary uses another smartphone to take a photo of the mobile screen, in this scenario the existing solutions offer no protection against psychically screen recapture attacks. Since the attack happens in the physical plane rather than on a digital plane and shows a void or hole in the existing solutions, we name this the Screen Recaptured Analog Hole Attack (S RAHA). Such physically recaptured images bypass digital safeguards and can be freely forwarded, creating substantial privacy, personal safety, and forensic risks. We present a low computational secure by design on device framework that aims to detect and prevent the forwarding of recaptured images directly to the users device. The proposed system integrates a deep learning assisted recapture detection model capable of distinguishing original digital content from camera to screen captures under diverse environmental conditions, together with an on device enforcement mechanism that automatically blocks the sharing of suspected recaptured images between applications. We also introduce the concept of an invisible metadata identifier (IMI) that can be embedded into protected images to enable forensic traceability of potential leakage paths. Although the IMI component is explored at a conceptual and feasibility level rather than fully implemented, it demonstrates a promising direction for integrating lightweight, invisible identifiers into client side security architectures.