By "permanent" I mean that it resists the application uninstall option that the Android OS offers. Obviously you cannot make a file not deletable in the user's terminal, at the very least, the user will always be able to delete it via the file manager if he wishes so.
I'd need this because in my app when some actions have been performed the app forbids from doing some more. So far this is controlled via a file, but there's nothing that prevents the user from uninstalling the app, and with a new fresh install this doesn't happen anymore.
I could implement some type of server-side logic to prevent the user from continueing but:
1) It's way easier to prevent just by checking the file.
2) It's not that important what happens if the user manages to bypass this security measure, so I don't really mind if a few of them are able to bypass the protection, as long as the file can be "permanent" and is in some obscure directory, not many users are going to be able to perform the mentioned behavior.
Is there any way to do this?
Just get the write file permission and write the file to the root file directory. As described here: https://developer.android.com/training/data-storage/files#WriteExternalStorage
After you request storage permissions and verify that storage is
available, you can save two different types of files:
Public files: Files that should be freely available to other apps and to the user. When the user uninstalls your app, these files should
remain available to the user. For example, photos captured by your app
or other downloaded files should be saved as public files.
Private files: Files that rightfully belong to your app and will be deleted when the user uninstalls your app. Although these files are
technically accessible by the user and other apps because they are on the external storage, they don't provide value to the user outside of your app.
this can be done by configuring auto-backup, assuming that the user has it enabled.
for example, here I've explained how to disable that behavior in debug mode.
the advance is, that it works across several devices, bound to the account.
instead of file , I would suggest to use following intent to catch uninstalling your app and put your logic to allow or deny for uninstall
ACTION_PACKAGE_REMOVED -: Broadcast Action: An existing application package has been removed from the device. The data contains the name of the package. The package that is being installed does not receive this Intent.
ACTION_PACKAGE_FULLY_REMOVED - : Broadcast Action: An existing application package has been completely removed from the device. The data contains the name of the package. This is like ACTION_PACKAGE_REMOVED, but only set when EXTRA_DATA_REMOVED is true and EXTRA_REPLACING is false of that broadcast.
Related
I'm using the following line of code in flutter/dart to make sure that the files that my app creates here aren't visible to the end user. These files have uid's for names and are crucial for the app to operate so I don't want a user to be able to delete them. Am I using the correct function here?
import 'package:path_provider/path_provider.dart';
Directory appDocDir = await getApplicationDocumentsDirectory();
I think that is your best bet. But it's still the users phone and if she is clever enough, anything can be removed (jailbroken, rooted, etc..)
The idea is that only the app can access files there. On Android it returns an internal system-wide folder with a specific folder within that only your app can write to. No other app or user can.
If UIFileSharingEnabled is activated in the Info.plist file for an app, then the user can delete files. Other than that, I think the same applies for iOS phones, that the sandboxed environment with the returned directory only is accessible by the app itself and not the user.
I am in the process of writing a Xamarin.Forms line-of-business application.
The app will be targeting UWP and Android.
I have a requirement of being able to store information and pictures taken, in a shared folder on the local storage. This way, multiple users of the same device at different times can resume work-in-progress of the first user.
I am not sure what my options are, as I am unable to write outside of AppData folder (for UWP).
I read about potentially using a Picker and storing the selected folder in the FutureAccessList for UWP, but I am unsure if it will actually work and seems hacky as I will need to come up with a way of doing the same for Android at a later time.
Any ideas/pointers are greatly appreciated!
There is a special ApplicationData.SharedLocalFolder folder that allows you to share app data across user accounts on a PC. Its main limitation is that it requires appropriate Group Policy:
SharedLocalFolder is only available if the device has the appropriate group policy. If the group policy is not enabled, the device administrator must enable it. From Local Group Policy Editor, navigate to Computer Configuration\Administrative Templates\Windows Components\App Package Deployment, then change the setting "Allow a Windows app to share application data between users" to "Enabled."
I feel that the fact that this is not allowed by default is a great obstacle to the usefulness of this API.
There a publisher cache folder, but this solution is not appropriate for you because of documentation says:
Publisher Cache shares data across apps for the current user
So I would probably really go with the picker-based solution you proposed. Offer the user to select a folder to save the data to using the FolderPicker and then store the selected folder to the FutureAccessList. The future access list is reliable and can even track the changes of the selected item (like when the user moves it to a different location). The abstraction of the selection process in a cross-platform manner may be a bit more complicated, but it should be possible to hide it behind a dependency service implementation. My guess will provide an async method that will initialize the target location. On UWP this will check the FutureAccessList if a location was selected previously and if it was not, it will use the FolderPicker to let the user select it and will store it for future user afterward. On Android, it will work in Android specific manner (I am not sure what are the options there). Then the service will have some file manipulation methods that will abstract the platform-specific manipulation with the folder (I think you cannot use the common System.IO namespace, as you cannot directly access the user selected folder outside of the StorageFolder API)
I need to place a file inside of another application's specific folder. Is there a best practice, or related expected behavior for this?
To solve the issue, I have created the desired file during my APK's installation, then written its contents. While this works (since I have root rights), I want to know if is there a way to "request" another application to "create the file themself", this is mostly to guarantee that when that other application is removed, that it removes its files (since my app is the owner of that file).
I am unsure if this is considered good behavior, and could not "phrase" the question in a way that showed related results (I am not an native English speaker).
I need to place a file, inside of another applications specific folder
If by "applications specific folder", you mean internal storage, this is not possible, except perhaps on rooted devices.
I want to know if is there a way to "request" another application to "create the file themselfs"
Not in general. Some developers might have an API for this in their apps.
The official way of sharing data between apps is ContentProviders.
There is no limit to what may back the specific provider - a file, database or some other data source. I think this is the best way to go in your situation.
The approach you have described is indeed strongly advised against. The whole Android security is based on the idea that you can't directly access the data of other apps.
Ok, here is my proposal. I will assume that you can add functionality to the server app or define some technical guidelines for it at least, so that it's developers have to add the functionality.
A - Server App
B - Client App
[B] Create the html file in the common storage
[B] Save its location to some String variable
(Optional) [A] If there are more server apps that the user can choose from, make sure they all have a BroadcastReceiver with a common INTENT_ACTION.
[B] Send a broadcast Intent with the path saved in 2. as an extra value.
[A] Receive the Intent, check if the path in the extra is present.
[A] Get the file from the received path and copy it into the internal storage.
(Optional) [A] Add a BroadcastReceiver to monitor app uninstalls. When notified about the client app being uninstalled, remove the html file you received from it.
This is the basic algorithm, but I guess the implementation is obvious enough. Let me know if it solves your problem.
I have an android application HELLOWORLD
I am trying to create another android application HELLOWORLDCLEANER which can clear my HELLOWORLD application's data in one click
Application's data is like databases, shared preference files, and other files created within the application
I can clear data in the mobile through Settings->Applications-> ManageApplications-> My_application->Clear Data
But I don't want go every time to Settings page and clear the HELLOWWORLD app data. Does android provide such facility to do if I know the package name of HELLOWORLD application?
I have gone through solutions provided in Stackoverflow but it tells how to clear app data of itself not about other apps..
Each Android application lives in its own security sandbox.
By default, the system assigns each application a unique Linux user ID
(the ID is used only by the system and is unknown to the application).
The system sets permissions for all the files in an application so
that only the user ID assigned to that application can access them.
Which means you can't access another app's resources.
The only way you could achieve that would be by executing su commands, but that would require root access.
you don't need to be root to do that as long as you sign the 2 apps with the same key.
Then you can just tell one app to clear its own data from another app.
I have an application A that launches an intent to install application B(which is present in app A's data folder).
Once application B is installed, file managers like ASTRO can backup Application B's apk file.
So I want to prevent the user from manually installing it(say if he clicks on the backup apk file of Application B it should not install).
Is there a way to disable manual installation...?
But there are two ways to monitor the app.one is, you can use File Observer to
monitor the apps. whenever the apps been taken as back up do stuffs to prevent it. Another way is
For eg: if it's storing in sdcard\am\ use like this.
File f=new File("\mnt\sdcard\am\abc.apk");// file location of your app
{
if(f.exists)
{
f.delete();
}
}
For File Observer,have a glance of this.It might help you.
http://developer.android.com/reference/android/os/FileObserver.html
Can you find the location where the backup is taken and delete the apk.
If APk is available to the file manager then it can open it and install it, I am not aware of any way to stop it as its out of your application scope.
This isn't possible on AOSP Android.
The Install from unknown sources option is a setting in Settings.Global (previously in Settings.Secure) and cannot be controlled by third party applications.
However, it is possible do achieve this if you're willing to modify and compile Android itself for each and every device you want to use this on, as is done by AT&T on some of their devices.
The best you can do is try to find the backup file and delete it if you have access to that part of the storage.
Not sure if it's feasible, but I would solve this by having application A spit out a code that has to be manually entered (like a two step verification) on application B is installed, and then verify it server side. So that way the rogue install like you mentioned would be rendered useless. Maybe you could pop up an error to the user informing them of this.