In my Android app, the user can select a folder thanks to Intent.ACTION_OPEN_DOCUMENT_TREE
I can then write files to this folder.
The problem is that the user can delete this folder or remove the permission to access it.
In both cases, I would like to display a message to explain the user what is happening and how to fix this issue.
I need 2 different messages and so I need to differentiate these 2 cases
I wanted to use DocumentFile.exists() but it returns false in both cases.
How can I do that?
Related
I'm using the following line of code in flutter/dart to make sure that the files that my app creates here aren't visible to the end user. These files have uid's for names and are crucial for the app to operate so I don't want a user to be able to delete them. Am I using the correct function here?
import 'package:path_provider/path_provider.dart';
Directory appDocDir = await getApplicationDocumentsDirectory();
I think that is your best bet. But it's still the users phone and if she is clever enough, anything can be removed (jailbroken, rooted, etc..)
The idea is that only the app can access files there. On Android it returns an internal system-wide folder with a specific folder within that only your app can write to. No other app or user can.
If UIFileSharingEnabled is activated in the Info.plist file for an app, then the user can delete files. Other than that, I think the same applies for iOS phones, that the sandboxed environment with the returned directory only is accessible by the app itself and not the user.
By "permanent" I mean that it resists the application uninstall option that the Android OS offers. Obviously you cannot make a file not deletable in the user's terminal, at the very least, the user will always be able to delete it via the file manager if he wishes so.
I'd need this because in my app when some actions have been performed the app forbids from doing some more. So far this is controlled via a file, but there's nothing that prevents the user from uninstalling the app, and with a new fresh install this doesn't happen anymore.
I could implement some type of server-side logic to prevent the user from continueing but:
1) It's way easier to prevent just by checking the file.
2) It's not that important what happens if the user manages to bypass this security measure, so I don't really mind if a few of them are able to bypass the protection, as long as the file can be "permanent" and is in some obscure directory, not many users are going to be able to perform the mentioned behavior.
Is there any way to do this?
Just get the write file permission and write the file to the root file directory. As described here: https://developer.android.com/training/data-storage/files#WriteExternalStorage
After you request storage permissions and verify that storage is
available, you can save two different types of files:
Public files: Files that should be freely available to other apps and to the user. When the user uninstalls your app, these files should
remain available to the user. For example, photos captured by your app
or other downloaded files should be saved as public files.
Private files: Files that rightfully belong to your app and will be deleted when the user uninstalls your app. Although these files are
technically accessible by the user and other apps because they are on the external storage, they don't provide value to the user outside of your app.
this can be done by configuring auto-backup, assuming that the user has it enabled.
for example, here I've explained how to disable that behavior in debug mode.
the advance is, that it works across several devices, bound to the account.
instead of file , I would suggest to use following intent to catch uninstalling your app and put your logic to allow or deny for uninstall
ACTION_PACKAGE_REMOVED -: Broadcast Action: An existing application package has been removed from the device. The data contains the name of the package. The package that is being installed does not receive this Intent.
ACTION_PACKAGE_FULLY_REMOVED - : Broadcast Action: An existing application package has been completely removed from the device. The data contains the name of the package. This is like ACTION_PACKAGE_REMOVED, but only set when EXTRA_DATA_REMOVED is true and EXTRA_REPLACING is false of that broadcast.
My app gives 200 coins on the first installation. A user can use these coins to perform an action in an application. The number of coins is stored in the SQLite database and can be changed. If you uninstall and install the app number of coins returned (Becomes again 200 coins)
I do not want users to reinstall the app when they have 0 coins and return the original number of coins
I tried to write down the database in the SD card. But what if there is no SD card and what if the user gets access to the database and can change it?
So maybe I can check was app installed before?
Or how I can solve this problem another. So my application works without the server part
First of all, you should know that even if you can detect the application has previously installed on their device, they can simply format their phone.
Then how do I solve this problem?
You should have an online database that stored the users coin. Why? Because no matter how many times the users reinstalled or format their device, they can't alter the coins.
You can still use SQLite as your database for your application. Just simply store the coins seperately.
Just to check if app was installed on the device before or not, you do not need to write the whole database on the sd card.
Secondly , you will write on the internal storage and not on the SD card.
It does not matter if SD card is present or not.
Now , just to check whether app was previously installed or not on the device you can do the following :
When app is first time installed on a device, create a folder named temp or any name which a user will ignore.
Now whenever the app is run, you can simple check whether that folder exists or not ? If that folder exists means the app was already installed if that folder does not exist, means this is the first time the app is installed.
Instead of creating a folder you can also create an empty file and check if the file exists or not.
Let me know if you need some more help.
I need to place a file inside of another application's specific folder. Is there a best practice, or related expected behavior for this?
To solve the issue, I have created the desired file during my APK's installation, then written its contents. While this works (since I have root rights), I want to know if is there a way to "request" another application to "create the file themself", this is mostly to guarantee that when that other application is removed, that it removes its files (since my app is the owner of that file).
I am unsure if this is considered good behavior, and could not "phrase" the question in a way that showed related results (I am not an native English speaker).
I need to place a file, inside of another applications specific folder
If by "applications specific folder", you mean internal storage, this is not possible, except perhaps on rooted devices.
I want to know if is there a way to "request" another application to "create the file themselfs"
Not in general. Some developers might have an API for this in their apps.
The official way of sharing data between apps is ContentProviders.
There is no limit to what may back the specific provider - a file, database or some other data source. I think this is the best way to go in your situation.
The approach you have described is indeed strongly advised against. The whole Android security is based on the idea that you can't directly access the data of other apps.
Ok, here is my proposal. I will assume that you can add functionality to the server app or define some technical guidelines for it at least, so that it's developers have to add the functionality.
A - Server App
B - Client App
[B] Create the html file in the common storage
[B] Save its location to some String variable
(Optional) [A] If there are more server apps that the user can choose from, make sure they all have a BroadcastReceiver with a common INTENT_ACTION.
[B] Send a broadcast Intent with the path saved in 2. as an extra value.
[A] Receive the Intent, check if the path in the extra is present.
[A] Get the file from the received path and copy it into the internal storage.
(Optional) [A] Add a BroadcastReceiver to monitor app uninstalls. When notified about the client app being uninstalled, remove the html file you received from it.
This is the basic algorithm, but I guess the implementation is obvious enough. Let me know if it solves your problem.
I have an application A that launches an intent to install application B(which is present in app A's data folder).
Once application B is installed, file managers like ASTRO can backup Application B's apk file.
So I want to prevent the user from manually installing it(say if he clicks on the backup apk file of Application B it should not install).
Is there a way to disable manual installation...?
But there are two ways to monitor the app.one is, you can use File Observer to
monitor the apps. whenever the apps been taken as back up do stuffs to prevent it. Another way is
For eg: if it's storing in sdcard\am\ use like this.
File f=new File("\mnt\sdcard\am\abc.apk");// file location of your app
{
if(f.exists)
{
f.delete();
}
}
For File Observer,have a glance of this.It might help you.
http://developer.android.com/reference/android/os/FileObserver.html
Can you find the location where the backup is taken and delete the apk.
If APk is available to the file manager then it can open it and install it, I am not aware of any way to stop it as its out of your application scope.
This isn't possible on AOSP Android.
The Install from unknown sources option is a setting in Settings.Global (previously in Settings.Secure) and cannot be controlled by third party applications.
However, it is possible do achieve this if you're willing to modify and compile Android itself for each and every device you want to use this on, as is done by AT&T on some of their devices.
The best you can do is try to find the backup file and delete it if you have access to that part of the storage.
Not sure if it's feasible, but I would solve this by having application A spit out a code that has to be manually entered (like a two step verification) on application B is installed, and then verify it server side. So that way the rogue install like you mentioned would be rendered useless. Maybe you could pop up an error to the user informing them of this.