Comment by AmbroseBierce

It also requires that whatever information the attacker is looking for has been displayed on the screen, so for example my banking app (like most banking apps I guess) masks my 4 digit passcode with asterisks so it is likely safe from this specific attack

PD: I just checked and it also doesn't change the color of the pressed keys or any other visual feedback that an attacker might use.