fix(session-replay): Add detection for potential PII leaks disabling session replay (#6389)

(cherry picked from commit ab82dac)

Author: philprime

CHANGELOG.md

@@ -29,8 +29,39 @@
 
 - Replace deprecated SCNetworkReachability with NWPathMonitor (#6019)
 
+> [!Warning]
+> **Session Replay is disabled by default on iOS 26.0+ with Xcode 26.0+ to prevent PII leaks**
+>
+> Due to potential masking issues introduced by Apple's Liquid Glass rendering changes in iOS 26.0, Session Replay is now **automatically disabled** on apps running iOS 26.0+ when built with Xcode 26.0 or later. This is a defensive measure to protect user privacy and prevent potential PII leaks until masking is reliably supported.
+>
+> Session replay will work normally if:
+>
+> - Your app runs on iOS versions older than 26.0, OR
+> - Your app is built with Xcode versions older than 26.0, OR
+> - Your app explicitly sets `UIDesignRequiresCompatibility` to `YES` in `Info.plist`
+>
+> **Override (use with caution):** If you understand the PII risks and want to enable session replay anyway, you can set:
+>
+> ```swift
+> options.experimental.enableSessionReplayInUnreliableEnvironment = true
+> ```
+>
+> This experimental override option will be removed in a future minor version once the masking issues are resolved.
+
+### Fixes
+
+- Fix wrong Frame Delay when becoming active, which lead to false reported app hangs when the app moves to the foreground after being in the background (#6393)
+- Session replay is now automatically disabled in environments with unreliable masking to prevent PII leaks (#6389)
+  - Detects iOS 26.0+ runtime with Xcode 26.0+ builds (DTXcode >= 2600)
+  - Detects missing or disabled `UIDesignRequiresCompatibility`
+  - Uses defensive approach: assumes unsafe unless proven safe
+- Add `options.experimental.enableSessionReplayInUnreliableEnvironment` to allow overriding the automatic disabling (#6389)
+
 ## 8.56.2
 
+> [!Warning]
+> Session Replay in this version does not correctly mask views when built with Xcode 26 and running on iOS 26 with Liquid Glass, which may lead to PII leaks. Please upgrade to 8.57.0 or later, which automatically **disables session replay** in such environments.
+
 ### Fixes
 
 - Fix crash from null UIApplication in SwiftUI apps (#6264)
@@ -40,6 +71,9 @@
 > [!Warning]
 > This version can cause runtime crashes because the `UIApplication.sharedApplication`/`NSApplication.sharedApplication` is not yet available during SDK initialization, due to the changes in [PR #5900](https://github.com/getsentry/sentry-cocoa/pull/5900), released in [8.56.0](https://github.com/getsentry/sentry-cocoa/releases/tag/8.56.0).
 
+> [!Warning]
+> Session Replay in this version does not correctly mask views when built with Xcode 26 and running on iOS 26 with Liquid Glass, which may lead to PII leaks. Please upgrade to 8.57.0 or later, which automatically **disables session replay** in such environments.
+
 ### Fixes
 
 - Fix potential app launch hang caused by the SentrySDK (#6181)
@@ -51,6 +85,9 @@
 > [!Warning]
 > This version can cause runtime crashes because the `UIApplication.sharedApplication`/`NSApplication.sharedApplication` is not yet available during SDK initialization, due to the changes in [PR #5900](https://github.com/getsentry/sentry-cocoa/pull/5900), released in [8.56.0](https://github.com/getsentry/sentry-cocoa/releases/tag/8.56.0).
 
+> [!Warning]
+> Session Replay in this version does not correctly mask views when built with Xcode 26 and running on iOS 26 with Liquid Glass, which may lead to PII leaks. Please upgrade to 8.57.0 or later, which automatically **disables session replay** in such environments.
+
 ### Features
 
 - Structured Logs: Flush logs on SDK flush/close (#5834)
@@ -133,6 +170,9 @@
 
 ## 8.55.1
 
+> [!Warning]
+> Session Replay in this version does not correctly mask views when built with Xcode 26 and running on iOS 26 with Liquid Glass, which may lead to PII leaks. Please upgrade to 8.57.0 or later, which automatically **disables session replay** in such environments.
+
 ### Features
 
 ### Fixes
@@ -159,6 +199,9 @@
 > If your app does not need arm64e, you don't need to make any changes.
 > But if your app _needs arm64e_ please use `Sentry-Dynamic-WithARM64e` or `Sentry-WithoutUIKitOrAppKit-WithARM64e` from 8.55.0 so you don't have issues uploading to the App Store.
 
+> [!Warning]
+> Session Replay in this version does not correctly mask views when built with Xcode 26 and running on iOS 26 with Liquid Glass, which may lead to PII leaks. Please upgrade to 8.57.0 or later, which automatically **disables session replay** in such environments.
+
 ### Features
 
 - Add a new prebuilt framework with arm64e and remove it from the regular one (#5788)
@@ -182,6 +225,9 @@
 
 ## 8.54.0
 
+> [!Warning]
+> Session Replay in this version does not correctly mask views when built with Xcode 26 and running on iOS 26 with Liquid Glass, which may lead to PII leaks. Please upgrade to 8.57.0 or later, which automatically **disables session replay** in such environments.
+
 ### Features
 
 - Add experimental support for capturing structured logs via `SentrySDK.logger` (#5532, #5593, #5639, #5628, #5637, #5643)

Samples/SentrySampleShared/SentrySampleShared/SentrySDKOverrides.swift

@@ -109,6 +109,8 @@ public enum SentrySDKOverrides: String, CaseIterable {
 
         case disableMaskAllImages = "--io.sentry.session-replay.disable-mask-all-images"
         case disableMaskAllText = "--io.sentry.session-replay.disable-mask-all-text"
+        
+        case enableInUnreliableEnvironment = "--io.sentry.session-replay.enable-in-unreliable-environment"
     }
     case sessionReplay = "Session Replay"
 
@@ -323,7 +325,7 @@ extension SentrySDKOverrides.Performance {
 extension SentrySDKOverrides.SessionReplay {
     public var overrideType: OverrideType {
         switch self {
-        case .disable, .disableViewRendererV2, .enableFastViewRendering, .disableMaskAllText, .disableMaskAllImages: return .boolean
+        case .disable, .disableViewRendererV2, .enableFastViewRendering, .disableMaskAllText, .disableMaskAllImages, .enableInUnreliableEnvironment: return .boolean
         case .onErrorSampleRate, .sessionSampleRate: return .float
         case .quality: return .string
         }
@@ -411,7 +413,7 @@ extension SentrySDKOverrides.SessionReplay {
     public var ignoresDisableEverything: Bool {
         switch self {
         case .disable: return false
-        case .disableViewRendererV2, .enableFastViewRendering, .disableMaskAllText, .disableMaskAllImages, .onErrorSampleRate, .sessionSampleRate, .quality: return true
+        case .disableViewRendererV2, .enableFastViewRendering, .disableMaskAllText, .disableMaskAllImages, .onErrorSampleRate, .sessionSampleRate, .quality, .enableInUnreliableEnvironment: return true
         }
     }
 }

Samples/SentrySampleShared/SentrySampleShared/SentrySDKWrapper.swift

@@ -61,6 +61,10 @@ public struct SentrySDKWrapper {
             )
             let defaultReplayQuality = options.sessionReplay.quality
             options.sessionReplay.quality = SentryReplayOptions.SentryReplayQuality(rawValue: (SentrySDKOverrides.SessionReplay.quality.stringValue as? NSString)?.integerValue ?? defaultReplayQuality.rawValue) ?? defaultReplayQuality
+
+            // Allow configuring unreliable environment protection via SDK override.
+            // Default to false for the sample app to allow testing on iOS 26+ with Liquid Glass.
+            options.experimental.enableSessionReplayInUnreliableEnvironment = SentrySDKOverrides.SessionReplay.enableInUnreliableEnvironment.boolValue
         }
 
 #if !os(tvOS)

Samples/Shared/feature-flags.yml

@@ -22,6 +22,7 @@ schemeTemplates:
         "--io.sentry.session-replay.enable-fast-view-rendering": false
         "--io.sentry.session-replay.disable-mask-all-images": false
         "--io.sentry.session-replay.disable-mask-all-text": false
+        "--io.sentry.session-replay.enable-in-unreliable-environment": false
 
         # user feedback
         "--io.sentry.feedback.use-custom-feedback-button": false