feat(android): Add custom masking options for session replay (#11624)

* feat(android): Add custom masking options for session replay

* feat(android): Add custom masking options for session replay

* Add missing imports

* Rearrange folders

* Add required version

* Add masking example images

* Update docs/platforms/android/session-replay/index.mdx

Co-authored-by: Liza Mock <[email protected]>

* Update docs/platforms/android/session-replay/index.mdx

Co-authored-by: Liza Mock <[email protected]>

* Update docs/platforms/android/session-replay/index.mdx

Co-authored-by: Liza Mock <[email protected]>

* Update docs/platforms/android/session-replay/privacy/index.mdx

Co-authored-by: Liza Mock <[email protected]>

* Update docs/platforms/android/session-replay/privacy/index.mdx

Co-authored-by: Liza Mock <[email protected]>

* Update docs/platforms/android/session-replay/privacy/index.mdx

Co-authored-by: Liza Mock <[email protected]>

* Update docs/platforms/android/session-replay/privacy/index.mdx

Co-authored-by: Liza Mock <[email protected]>

* Update docs/platforms/android/session-replay/privacy/index.mdx

Co-authored-by: Liza Mock <[email protected]>

* Fix formatting

* Fix and add masking behavior section

* Add missing images

* Update docs/platforms/android/session-replay/privacy/index.mdx

Co-authored-by: Liza Mock <[email protected]>

* Update docs/platforms/android/session-replay/privacy/index.mdx

Co-authored-by: Liza Mock <[email protected]>

* Update docs/platforms/android/session-replay/privacy/index.mdx

Co-authored-by: Liza Mock <[email protected]>

* Update docs/platforms/android/session-replay/privacy/index.mdx

Co-authored-by: Liza Mock <[email protected]>

* Update docs/platforms/android/session-replay/privacy/index.mdx

Co-authored-by: Liza Mock <[email protected]>

* Update docs/platforms/android/session-replay/privacy/index.mdx

Co-authored-by: Liza Mock <[email protected]>

* Update docs/platforms/android/session-replay/privacy/index.mdx

Co-authored-by: Liza Mock <[email protected]>

* Update docs/platforms/android/session-replay/privacy/index.mdx

Co-authored-by: Liza Mock <[email protected]>

* Update docs/platforms/android/session-replay/privacy/index.mdx

* Add old way of disabling redaction

---------

Co-authored-by: Liza Mock <[email protected]>

docs/platforms/android/session-replay/index.mdx

@@ -94,20 +94,23 @@ Sampling begins as soon as a session starts. `sessionSampleRate` is evaluated fi
 
 ## Privacy
 
-The SDK is recording and aggressively redacting all text and images. We plan to add fine controls for redacting, but in this version, we just allow either on or off. The default is on. Please don’t turn it off if you have sensitive data in your app. Before the Beta is complete, we'll give you the controls you need.
+The SDK is recording and aggressively masking all text, images and webviews. Please don’t turn it off if you have sensitive data in your app.
+However, if you're working on a mobile app that's free of PII or other types of private data, you can opt out of the default text and image masking settings. To learn more about Session Replay privacy, [read our docs](/platforms/android/session-replay/privacy/).
 
 <Note>
 
-Jetpack Compose views are not yet redacted. This is being [tracked here](https://github.com/getsentry/sentry-java/issues/3577).
-If you encounter any other data not being redacted with the default settings, please let us know through a [GitHub issue](https://github.com/getsentry/sentry-java/issues/new?assignees=&labels=Platform%3A+Android%2CType%3A+Bug&projects=&template=bug_report_android.yml).
+If you find that any other data isn't being masked with the default settings, please let us know by creating a [GitHub issue](https://github.com/getsentry/sentry-java/issues/new?assignees=&labels=Platform%3A+Android%2CType%3A+Bug&projects=&template=bug_report_android.yml).
 
 </Note>
 
-To disable redaction altogether (not to be used on applications with sensitive data):
+To disable masking altogether (not to be used on applications with sensitive data):
 
 ```kotlin
-options.experimental.sessionReplay.redactAllText = false
-options.experimental.sessionReplay.redactAllImages = false
+options.experimental.sessionReplay.maskAllText = false
+options.experimental.sessionReplay.maskAllImages = false
+// if you're on version < 7.15.0
+// options.experimental.sessionReplay.redactAllText = false
+// options.experimental.sessionReplay.redactAllImages = false
 ```
 
 ## Error Linking
@@ -120,8 +123,12 @@ Errors that happen on the page while a replay is running will be linked to the r
 
 ## FAQ
 
+Q: Why are parts of my replay not masked?
+A: Text fields, input fields, images, video players and webviews are all masked by default. Local assets, such as colors or vector drawables, aren't masked because the likelihood of these assets containing PII is low. If you encounter a view/component that should be masked by default, consider opening a [GitHub issue](https://github.com/getsentry/sentry-java/issues).
+
 Q: Does Session Replay work with Jetpack Compose?
-A: Yes, but we're still adding support for redaction for Jetpack Compose views. Redaction will be added during the Beta program and after GA these views will be masked by default.
+A: Yes, by default, text, input field, and image composables should be masked. Masking within embedded Android views (`AndroidView`)
+in Compose isn't currently supported. If you encounter composables that aren't masked but should be, consider opening a [GitHub issue](https://github.com/getsentry/sentry-java/issues).
 
 Q: What's the lowest version of Android supported?
 A: Recording only happens on Android 8 (API level 26) or newer. For devices running an older version, SDK features other than recording work normally.

docs/platforms/android/session-replay/privacy/index.mdx

@@ -0,0 +1,155 @@
+---
+title: Privacy
+sidebar_order: 5501
+notSupported:
+description: "Learn how to mask parts of your app's data in Session Replay."
+---
+
+<Alert>
+
+Using custom masking in your Session Replays may accidentally expose sensitive customer data. Before publishing an App with Session Replay enabled, make sure to test it thoroughly to ensure that no sensitive data is exposed.
+
+
+</Alert>
+
+By default, our Session Replay SDK masks all text content, images, webviews, and user input. This helps ensure that no sensitive data is exposed. You can also manually choose which parts of your app's data you want to mask by using the different options listed below.
+
+To disable the default masking behavior (not to be used on applications with sensitive data):
+
+```kotlin
+options.experimental.sessionReplay.maskAllText = false
+options.experimental.sessionReplay.maskAllImages = false
+// if you're on version < 7.15.0
+// options.experimental.sessionReplay.redactAllText = false
+// options.experimental.sessionReplay.redactAllImages = false
+```
+
+|Session Replay Unmasked        |  Session Replay Masked                   |
+|:-----------------------------:|:---------------------------------------: |
+|![session replay unmasked](./img/session-replay.jpg)  |![session replay masked](./img/session-replay-redacted.jpg) |
+
+
+_Make sure your Sentry Android SDK version is at least 7.15.0._
+
+## Mask by View Class
+
+You can choose which type of view you want to mask or unmask by using the `addMaskViewClass` or `addUnmaskViewClass` options.
+
+Let's say you have:
+- A custom view that you want to mask
+- A `TextView` subclass (which normally would be masked) that you don't want to mask
+
+You can set the options like this:
+
+```kotlin
+options.experimental.sessionReplay.addMaskViewClass("com.example.MyCustomView")
+options.experimental.sessionReplay.addUnmaskViewClass("com.example.MyCustomTextView")
+```
+
+<Note>
+
+If you're using a code obfuscation tool (R8/ProGuard), adjust your proguard rules accordingly so your custom view class names don't get minified.
+
+</Note>
+
+### Class Hierarchy
+
+The masking behavior applies to classes and their subclasses. This means if you add a view via `addMaskViewClass` (for example, `TextView`, which is the default behavior), its respective subclasses (`RadioButton`, `CheckBox`, `EditText`, and so on) will also be masked. For example, you can do the following:
+
+```kotlin
+options.experimental.sessionReplay.addMaskViewClass("android.widget.TextView") // mask TextView and all its subclasses
+options.experimental.sessionReplay.addUnmaskViewClass("android.widget.RadioButton") // but unmask RadioButton and all its subclasses
+```
+
+## Mask by View Instance
+
+You can also choose to mask or unmask a specific view instance by using tags like this:
+
+```xml
+<View
+  android:id="@+id/my_view"
+  android:layout_width="wrap_content"
+  android:layout_height="wrap_content"
+  android:tag="sentry-mask|sentry-unmask"
+/>
+```
+
+```kotlin
+view.tag = "sentry-mask|sentry-unmask"
+```
+
+If your view already has a tag assigned, you can set the masking tag by a sentry-specific id:
+
+```xml
+<View
+  android:id="@+id/my_view"
+  android:layout_width="wrap_content"
+  android:layout_height="wrap_content">
+
+  <tag android:id="@id/sentry_privacy" android:value="mask|unmask"/>
+</View>
+```
+
+```kotlin
+  view.setTag(io.sentry.android.replay.R.id.sentry_privacy, "mask|unmask")
+```
+
+We also provide convenient extension functions for Kotlin:
+
+```kotlin
+view.sentryReplayMask()
+// or
+view.sentryReplayUnmask()
+```
+
+## Jetpack Compose
+
+We only support masking specific composables in Jetpack Compose. Since composables are functions, not classes, masking by view class isn't possible.
+
+In the example below, we want the "Hello" message to be captured in the replay, but not the custom composable. (By default, all text composables are masked.)
+
+```kotlin
+import io.sentry.android.replay.sentryReplayMask
+import io.sentry.android.replay.sentryReplayUnmask
+
+Column(
+  verticalArrangement = Arrangement.Center,
+  horizontalAlignment = Alignment.CenterHorizontally,
+  modifier = Modifier.fillMaxSize()
+) {
+  MyCustomComposable(
+    modifier = Modifier.fillMaxWidth().sentryReplayMask()
+    ...
+  )
+  Text("Hello", modifier = Modifier.sentryReplayUnmask())
+}
+```
+
+Currently, we don't support masking anything within embedded Android views (`AndroidView`), but you can still mask the entire view as follows:
+
+```kotlin
+import io.sentry.android.replay.sentryReplayMask
+
+AndroidView(
+  modifier = Modifier.sentryReplayMask(),
+  factory = { context -> ... }
+)
+```
+
+## General Masking Rules
+
+
+### View Groups
+
+- If a `ViewGroup` is marked as masked, **all its child views will also be masked**, even if some views would normally not be masked. This prioritizes safety and ensures no sensitive information is unintentionally exposed.
+
+- If a `ViewGroup` is marked as unmasked, **its child views don't automatically inherit this behavior**. You'll need to explicitly mark each child view as unmasked if you want them to appear in the replay.
+
+### Masking Priority
+
+Masking and unmasking rules are applied in the following order:
+
+  1. Check if a view is marked as `unmasked` via a tag/extension or function/modifier.
+  2. Check if a view is marked as `masked` via a tag/extension or function/modifier.
+  3. Check if a view's class is marked as unmasked via `addUnmaskViewClass`.
+  4. Check if a view's class is marked as masked via `addMaskViewClass`.