Sensitive Field Readout Warning
Feature Detail
Description
The Sensitive Field Readout Warning feature displays a caution notice whenever the Meander Mobile App is about to vocalize content classified as sensitive - such as contact personal identifiers, encrypted assignment payloads, medical summaries, or home addresses - through an active screen reader. The warning gives the peer mentor an opportunity to pause, move to a private environment, or dismiss the readout before sensitive information is exposed to bystanders. This protects data subjects and peer mentors in shared public spaces where the app is commonly used.
Sources & reasoning
Directly stated in section 1.2 as a named accessibility requirement raised by NHF. The blueprint lists this feature under the Accessibility area as MVP. The requirement is scoped narrowly (a warning widget for screen reader contexts) making it low complexity, but it addresses a real GDPR and confidentiality risk for screen reader users accessing sensitive contact and assignment data in public settings.
No source references — this artifact was included based on reasoning alone (see above).
Analysis
Peer mentors regularly operate in shared environments - public transport, care homes, and community centers - where an accidental screen reader readout of a contact's personal details or an encrypted assignment body constitutes a serious confidentiality breach. NHF raised this requirement directly in workshops. For Blindeforbundet, whose encrypted assignment feature handles names, addresses, and epikrise content, the risk is especially high. The warning mechanism is lightweight in engineering effort but high in privacy impact, directly supporting GDPR confidentiality obligations and organizational duty-of-care policies without disrupting non-screen-reader users.
A SensitiveFieldWrapper widget wraps any content tagged as sensitive. When Flutter's SemanticsBinding.instance.accessibilityFeatures.accessibleNavigation flag is true and focus moves to a wrapped field, the wrapper intercepts readout and presents an accessible modal warning before revealing the value. Fields requiring the wrapper are identified via a sensitive metadata annotation in the data layer: contact ID fields, encrypted assignment body, relative personal details, and any field schema-tagged sensitive. The warning widget must itself be fully accessible - focusable, with a dismiss Semantics action - and must never repeat the protected content in its own semantic tree.
Components (44)
Shared Components
These components are reused across multiple features
Service Layer (11)
Data Layer (23)
Infrastructure (7)
User Stories
No user stories have been generated for this feature yet.