I would like to make video/audio/pdf files hidden inside Internal/External storage in Android. Our requirement is making the files visible only in our Android application but not any other apps like Es File Explorer and not even when connecting the device to Desktop/Laptop.
I have googled it a lot and found the following ways but with few disadvantages.
Creating folder/file with prefix "." - It has the disadvantages that we cannot prevent it to be visible in some File explorer apps with the option "Show hidden files" and we cannot prevent the files from getting displayed when connected to Desktop/Laptop.
Storing the files inside App specific folder - Storing large memory files in the path returned by android.Content.Context.getFilesDir() will lead to the poor performance of the device and most of the devices will not have large internal memory size.
How to overcome the disadvantages and make our application to meet the requirement ?
Well hiding files to user accessable storage is not recommend without encryption.
Youtube,Gaana, saavan, hotstar all these media related apps used to encrypt their data and stores in data location which is visible to users but they can't share or use in other ways as the data is encrypted.
You can use CipherOutputStream and CipherInputStream for encryption and decryption of file in android.
There are two ways through which you can achieve your goal
Download a file and encrypt it, when you want to play that file decry-pt it in a temporary file and play it which I not recommend as it can increase the chances of data grabbing.
if you want to play encrypted file on the fly (not decrypting it in a temp file) then you can use Libmedia library. It streams encrypted file on local host and play it from there
Original answer : https://stackoverflow.com/a/35426842/9565955
Your first proposed solution won't work since it would make files accessible to anyone.
Second solution is perfect if you have limited file sizes. In case of large memory files it is always better to store them in External storage. But this would make it publicly accessible. To prevent that you can encrypt the files and store them in external storage.
Some suggestions while doing so :
Randomise the filenames so won't be easy to guess.
Refer this for simple file encryption.
Do not use static key for encryption as it can be reverse
engineered. Use different key for every file.
Do not store the original key in db/shared preference. Store the
hash of it instead.
You can even hash the key n times and then store in db. This would
make procedure a bit slow but provides more security as one has to
know the exact value of n to get the original key.
For added security you can even consider using Android's KeyStore to
derive the IV.
Related
I am writing an app for my final year project, so it's more so for proof of concept so it doesn't have to be the best app in the world.
It is like a file locker app that you can add and remove files from the app and when they are stored they will be encrypted. There will be a login of some sort for the user to enter and be verified on a DB.
I am still a novice in android so I still have a way to go, but I am getting there!
I was thinking when the file (which could be a doc, pdf, jpg, video file etc) is added to the app it would be stored in the internal storage (from what I have read it seems to be the best place to store app related content) and a record of the name and file type would be added to the DB and also the encrypted file name. So when the user looks at the app they will see a thumbnail of the pic and the file name, kinda like the My Files app shows up files within a folder.
My question is it best not to store the file directly into the DB but just use the DB as a reference with the file details, if so how could this be done?
Also I was thinking that an AES 128bit encryption method would be best suited for this. I have tried a couple of encryption examples but have only been able to do this with a txt file, when i tried it with a jpg the app just sat there and did nothing. It showed the encrypted and decrypted jpg but this was not viewable.
Would anyone be able to suggest a good way of encrypting any file type that would suit for my app?
Any help would be greatly appreciated!
Cheers,
Owen
If you want to do this properly, here are a few tips:
Don't store files in the database, unless you know in advance that they're going to be really titchy. Store them somewhere else, with a reference to them in the database.
The best place for them if they're smallish is internal storage in the app's private file space. But if you want to be able to store encrypted arbitrary data then you'll need to hit external storage.
Don't store the decryption key!
Ideally, you should find a way not to write the file anywhere when you decrypt it. That might not be possible, though, if you need to open it in another application afterwards. If you write the encrypted files to external storage, you should at the very least write the decrypted version to internal storage where there's some operating system protection against other apps reading it. If you write the decrypted file to external storage, anything will be able to get at it.
AES with a 128-bit key will do you fine.
I'm making an Android app that generates an Excel file using JExcelApi. The content of the fiel is also available as plain text but it's not stored anywhere (I'm using it for displaying it on a TextView; the content isn't too complex).
To simplify things I store the Excel file on the SD card root directory. I know it's not good practice, but this app is not meant for wide distribution and it's only used for internal purposes in my company, so I'm not too worried about it. When the app generates the file, you can either press a "send XLS" button on the main view which will create a SEND_ACTION intent so you can send the file through email, Dropbox or whatever, or you can just simply plug the phone to a computer, mount it as USB storage and get the file.
However, soon we're going to need to send the app to some of our clients and some changes need to be done. We don't want our clients to access the XLS file, so I need to protect it somehow. Unfortunately, JExcelApi does not support password protected files, so I need to find an alternative way to protect it.
Regarding the "send" button: I was thinking about adding a simple password dialog, so that the user needs to type in a hard-coded password first before the intent is sent. I still haven't taken a look at this, though.
What worries me the most is the XLS file. Ideally, it should still be available on the SD card's root folder, but I realize that this may make things much harder than necessary. Using the app's private storage would be option because the file would be "invisible", but this can be easily beaten by using a rooted phone. I've taken a look around the Cipher class but I'm not sure how I could apply it to my case: the JExcelApi manages the opening and saving of files by itself and I can't use CipherOutputStream to save the file; I also need to be able to decrypt the file on a PC.
What should I do? Is there any way to encrypt the file in Android in a way that would make it possible to decrypt it on a PC? Should I find some other Excel APIs that support password protection (are there even any)?
About the security requirements: the content of the report is not critical and it wouldn't be a big deal if our clients got access to it (I mean, the content itself is displayed on screen!), but I'd like to make it annoying enough that our clients would cease to insist accessing the XLS file, if they ever tried to.
TL;DR: how do I encrypt any kind of file in Android?
I'm not very familiar with encryption on Android, but there's the Bouncycastle library that can be used for encrytion on Android. There might be some pitfalls, but apparently you can also use Android's own Cipher class for en-/decrypting using different algorithms.
If you want to share the encrypted data you'll have to have a shared key in order to let the recipient decrypt it.
I have some audio files that my app is downloading, and due to the size of the files it would be nice if I could store them on the user's external storage. However I need them to remain private to my application. Is there any way to accomplish this?
Not literally.
You could encrypt them, but then you would have to handle the playing yourself, in order to decrypt them (or play some game like streaming them from a local "server" which decrypts them as it reads).
Realize also that even things within your .apk itself are accessible on most devices (you will need to use care in obfuscating the encryption key), and the contents of your app's private storage folder are readable on the multitude of rooted devices.
One simple suggestion would be to encrypt your file and then store it in external memory. This would keep the data safe and secured. Other application wont be able to access it. To accomplish this you need to convert the file into ByteStream. Then using encryption function encrypt it and store to external memory. Change the extension of your file to some user-defined extension like myExt and store all in certain folder. When you want to use those files in your application, decrypt it and use it. The encryption key will help you to securely protect data.
As per my knowledge this will prevent other application to access your information.
I want to develop an application which lets user protect their files / folders . It is very much the same as existing apps where user can select the files to be hidden and those files can be accessed only from my app which is password protected.
I got enough resources about the encryption algorithm.
Here my doubt is :
where should i keep my encrypted files. It should be within my app folder. But this folder if i create on phones internal storage, will that not lead to memory restrictions. My app let user to add images / videos or any other file to protection. If i keep the folder on the sd card, the questions are it will restrict app to be run on only mobiles with sd card . Also the content of sd card can be accessed by others ( i am right here ? )
The next doubt is that i see most of those apps i see if i remove protection it is restored in its previous folder. How is it achieved . Is it like keep mapping table an duse that to restore ?
Please help me with answers for my questions. Thanks a lot for your time and help
According to my investigations of the same problem, there is no built-in encrypted storage in Android system. Hence, I'd recommend you following approach:
Encrypt file content with any algorithm. See here(1), here(2) and here(3).
Use MODE_PRIVATE when creating file with, for example, openFileOutput(String, int)
I have to store a lot of images that have to be downloaded from the web server. The size of the images might be 80Mb. So I want a guidance where to store them, whether in internal or external storage. Both create some problems for me. Internal storage is as every one knows is very limited but the problem with external storage is that images can be accessed by user. I don't wanna my application images to be exposed to user and changed or deleted. So is there any alternative or is there any technique to safely put data into external storage?
Unfortunately no, external storage has FAT file system, which does not support access restriction. And you simply must not store such large chunks of data in internal memory (or otherwise users will not like you, to put it mildly).
So the only way to go, is to use external storage. If you need some protection, then you may either encrypt/decrypt data. Or just obfuscate data, like changing file extensions, or adding 10 bytes at the beginning of each file. Obfuscation is more efficient resource-wise, but much less protected. Though encryption key can still be extracted from your application, so both of this approaches have their flows.
I would advice to store them in the external storage. If you don't want the user to be able to read it, protect it with an encryption. I think it's a bad idea to impose large data to the user. If the user wants to remove it, you shouldn't want to prevent it. Perhaps consider the possibility of re-download the pictures from the web if it has been deleted.
Use encryption for file content:
i found nice and lightweight sample code on http://www.androidsnippets.com/encryptdecrypt-strings
I recommend saving to external. Preventing the user from deleting his data is not recommended. Also user can format the sdcard to delete it. so you cannot stop the user. You can hide it from him. Just prefix a dot to the folder name to make it hidden.
If you are using Android 2.3, OBB is your choice.
http://developer.android.com/reference/android/os/storage/StorageManager.html
OBBs contain a filesystem that maybe be encrypted on disk and mounted on-demand from an application. OBBs are a good way of providing large amounts of binary assets without packaging them into APKs as they may be multiple gigabytes in size. However, due to their size, they're most likely stored in a shared storage pool accessible from all programs. The system does not guarantee the security of the OBB file itself: if any program modifies the OBB, there is no guarantee that a read from that OBB will produce the expected output.
Related
What is OBB(Opaque Binary Blob) in Android develop site?