I'm working on an internal app for ~500 users, so I don't want to publish it in the Play Store.
I've built an auto-update mechanism where I check for updates by calling my server and initiate the download using DownloadManager and then a BroadcastReceiver.
The storage directory where I download the new version of the App is important to me as I don't want to ask my users for WRITE_EXTERNAL_STORAGE permission.
I've investigated getFilesDir(), getExternalFilesDir() and getExternalPublicDir() but I'm confused what are the pros and cons of each when compared to other, and will there be any blocker that I may face if I choose a particular destination? Any help regarding that will be very much appreciated.
It is better to use getFilesDir() and store the code in your app's private area which is not accessible by other apps, to avoid security risks. The other two options return a directory that is accessible by other apps. You do not need WRITE_EXTERNAL_STORAGE permission to write files in the directory returned by getFilesDir().
Related
i have app to write image file to folder, but when i publish to play store, the app got rejected because sensitive permission MANAGE_EXTERNAL_STORAGE.
Rejected App
I already change the compilesdk 29, but then got rejected again because minimal sdk is 30.
Please teach me how to publish my app with permission to write file on android 11 to playstore.
Why your app got rejected
On Android 11, to use MANAGE_EXTERNAL_STORAGE permission your app need to fill one of these usecases:
File managers
Backup and restore apps
Anti-virus apps
Document management apps
On-device file search
Disk and file encryption
Device-to-device data migration
As you said, your app only need to write a image to the storage, so you don't need the full-control of the Android OS file-system, which is the purpose of the MANAGE_EXTERNAL_STORAGE permission.
So, to fix that, you need to use a more privacy-friendly API like Shared Storage API WRITE_EXTERNAL_STORAGE. This API allows you to write to external storage but this has some constraints which makes this API more privacy-friendly.
What should I use?
It depends, depends on what your app need to do. But, in a nutshell, we can say that:
The app need to write and read files frequently and need to share across the OS (Show in gallery, Shared Downloads folder, or something else that will be visible to the user)
Use MANAGE_EXTERNAL_STORAGE API which allows you to manage external storage as well, refer to MANAGE_EXTERNAL_STORAGE_API reference.
The app need to export some files to shared scope (Gallery, Downloads folder, anything that will be visible to the user) but not frequently
Use Shared Media API WRITE/READ_EXTERNAL_STORAGE which allows you to read and write to shared folders but with some constraints.
The app only needs to storage user preferences, like, to keep theme, user config or something related to app data.
You don't need permission, see app-specific files
Resources
Android Data Storage Overview
WRITE_EXTERNAL_STORAGE Documentation
MANAGE_EXTERNAL_STORAGE Documentation
Scenario
I've two apps, one is the Tracker App which records the incoming and outgoing calls and zipped these files, and sends the file path to the Main App via Inter-Process Communication which uploads these files to the server.
Now I'm upgrading both apps to Android 11. In Tracker App, I'm using MediaStore.Files API to save files and trying to read these files using the file path in Main App. While reading file File.canRead() returns false in Main App. Even I tried MediaStore API to read these files it returns empty Cursor.
Here I've few questions.
Can I read files that are created by the Others app on Android 11? I read somewhere that you can't access others apps files in Android 11.
Is my app eligible for MANAGE_EXTERNAL_STORAGE permission to access all files in storage?
What will be the best way to handle this scenario?
Can ``` Storage Access Framework `` help me to handle this scenario?
I'm saving files in the public directory Documents/AppData/Audio. Please give me working links regarding this. Any help will be appreciated. Thanks
As in Android 11 MediaStore API only returns media files.
so, i will answer your questions related to it.
Can I read files that are created by the Others app on Android 11? I
read somewhere that you can't access others apps files in Android 11.
No! you can't access the files created by other application that are stored in personal storage of that specific app.
Is my app eligible for MANAGE_EXTERNAL_STORAGE permission to access
all files in storage?
As far as i understand, your app doesn't required external storage to store the data it can be also done in private storage where you can read or write your data. and if your app is eligible for this permission anyway still you can't use it as of now. it's been suggested by official web rather then asking this permission make target API 29 and use android:requestLegacyExternalStorage="true" in your manifest.
click here to read about it.
What will be the best way to handle this scenario?
Rather using external audio path you can use you app specific folder to store the archive that you are creating.
Can ``` Storage Access Framework `` help me to handle this scenario?
I don't have much idea about how IPC work between two apps so i can't tell exactly that it will be better to use Storage framework.
I've two apps, one is the Tracker App which records the incoming and outgoing calls and zipped these files, and sends the file path to the Main App via Inter-Process Communication which uploads these files to the server.
That seems overly complex.
Can I read files that are created by the Others app on Android 11?
Technically, you are not writing a file. You are creating an entry in MediaStore.Files. Other apps cannot read entries that you create in MediaStore.Files.
Is my app eligible for MANAGE_EXTERNAL_STORAGE permission to access all files in storage?
We are not Google. We have no way of answering that. It would surprise me greatly, though, if they considered your app to be eligible for this.
What will be the best way to handle this scenario?
Well, IMHO, the best way by far would be to have one app, not two. But I am assuming you are not in position to change that at this time.
If so, then:
Have the "tracker" app write the content to files in a filesystem directory that the app can write to. Mostly, that will be via methods on Context, such as getFilesDir() or getExternalCacheDir().
Have the "tracker" app use FileProvider to serve files from that directory, and use FileProvider.getUriForFile() to get a Uri pointing to that file.
Have the "tracker" app invoke your "main" app via some Intent-based mechanism (startActivity(), startService(), sendBroadcast(), etc.). Put the Uri from the previous bullet into that Intent, and add FLAG_GRANT_READ_URI_PERMISSION to that Intent.
Have the "main" app read the content using a ContentResolver and openInputStream(), passing in the Uri that it extracts from its copy of the Intent.
Can ``` Storage Access Framework `` help me to handle this scenario?
You could have the user, in each app, use the Storage Access Framework. For example, you could use ACTION_OPEN_DOCUMENT_TREE in each app, hoping that the user would choose the same tree in each app. Personally, I would use FileProvider, as it does not require user interaction and does not require the user to make good choices.
The receiving app can use SAF to let the user pick your directory.
Or more standard: you have files so you build your own file/content provider to serve your files.
And if you use inter process communication(how by the way) you could serve your files one by one using the uri from mediastore and FileProvider.
I have read the Android docs, and I am not hopeful, but I thought I would give it a go anyways. Basically, the situation is that I have 2 apps. App A is a content manager that checks on a secured server for content files and downloads them to its storage on the Android device. App B (and any other apps that later may be needed) needs to view the content in App A's storage. Usually FileProvider would be the way I go, but there's a problem with that.
Many of the content files are HTML documents with relative links. FileProvider doesn't give access to every linked file to App B, so links are regularly broken. I am not sure, as it is not my project, if App A can be directed to download to a shared location either.
Is there a way to:
have App A grant what apps are allowed read access to its storage?
have FileProvider grant general read access to a directory and all its sub-directories?
anything else someone might think of to get App B to view the files App A downloads?
or is this, as I fear, currently not possible due to Android restrictions?
Thank you.
As long as both your apps (A and B) are signed with same certificate then you can share resources between each other. This is a common practice within a lot of apps available at play store.
https://developer.android.com/guide/topics/manifest/permission-element.html#plevel
https://developer.android.com/guide/topics/manifest/manifest-element.html#uid
I've read this and this article, but I'm not sure where is the best place to store the image data from my app.
My app contains a products database, and when a product is viewed, the image for that product is downloaded from the server and needs to be stored locally.
Most advice seems to be use Environment.getExternalStorageDirectory(), but very few posts seem to recommend context.getExternalFilesDir() - despite it possibly being more appropriate for many types of apps (and not requiring manifest permissions since KitKat).
Anyway, the problem with both these two external storage solutions is that they generally require the android.permission.WRITE_EXTERNAL_STORAGE permission - which is likely to put off a lot of my prospective users.
So I today discovered context.getFilesDir() for internal storage - which seems ideal for my applications as it does not appear to require a manifest permission and if the user uninstalls my app then all the content will get cleaned up (plus, the content my app stores there will not be publicly visible - which I suppose is bonus).
The aforementioned Android documentation does not warn against using context.getFilesDir(), so I am wondering what the drawbacks are? Clogging up the internal storage with downloaded data is the only one I can think of - but if it is the case that most apps are writing to external storage, then if my app also writing external storage then isn't that more likely to clog things up?
So, to summarise, I want to store downloaded images on the device, really want to avoid adding manifest permissions, would prefer other apps being unable to access my data, but want to solve this the 'right' way - so does using internal storage / context.getFilesDir() fit the bill or am I missing something??
I was wondering, when we download an app which is very cool but before you install it ask to give permission for almost everything you have on the phone. Even that app can make call without your permission to your contacts. Given this scenario, how do we say an unrooted device where app data is secured from other app access? if I have an app which stores data on the device memory then would that be accessed by one of those app which takes all permission before installed?
Thanks in advance for your response.
Apps are still sandboxed, they can't access each others internal storage even with requested permissions.
I'm not sure this is the correct forum for your question though as it's not related to developing. This isn't the right site for IT support.
Edit
As mentioned in the comments - anything put somewhere insecure location such as the SD card would be readable, but the default file storage is a bit more secure.
From the android docs (http://developer.android.com/training/basics/data-storage/files.html)
Note: Your app's internal storage directory is specified by your app's
package name in a special location of the Android file system.
Technically, another app can read your internal files if you set the
file mode to be readable. However, the other app would also need to
know your app package name and file names. Other apps cannot browse your internal directories and do not have read or write access unless you explicitly set the files to be readable or writable.