I have folder named docFolder located inside download directory of device interval memory. The folder contains lot of files in different format (html,png,jpg etc...).
How can I easily programmatically encrypt docFolder so that users can not open the folder. I also need to decrypt docFolder programmatically so that I can use the files in my code.
Please help.
Having done the research for your use case before, I can help you with my results and findings.
You can use symmetric algorithms for encryption and decryption. These symmetric encryption algorithms are relatively faster and consume fewer resources for computation.
You can read about symmetric cryptosystem here.
You will find lots of Java codes for each algorithm.
You need to ensure that the key used for symmetric encryption is not stored locally as users can Decompile the APK and access the code. For this, you can retrieve the keys for each user from public cloud database services like Firebase, etc.
So instead of encrypting the folder, you can encrypt your important docs and store them in the app's dedicated path.
In general, Other regular apps cannot access your app's dedicated path. Android won't allow that. But the users can browse through them using any file browser.
Read about Data and File Storage in Android here and choose the best suitable method for your use case.
Hope this is helpful.
you can not encrypt Folders but you can encrypt files
take look at
http://www.codejava.net/coding/file-encryption-and-decryption-simple-example
keep in mind encrypting an decrypting is comes with costs of battery usage and time (depends on your file size you might even have lag on app).
you should only encrypt very important,sensitive data
if you don't want users access your file directly, you can store them in sqlite
Related
I haven't been able to find a clear answer to this question, so here it is;
I want to use Realm for Android to store files in an encrypted way, then be able to open/view those files without needing to actually save them in the phone. Those would be sensitive data file so It would be perfect if it stay in the local database of my app.
Is Realm well suited for my case or if not, what else would be for Android?
Realm suits or not. You may need to reconsider.
If you just want to encrypt a database, it is easy. Just give it an encryption key when you init a Realm instance.
However, there are some side effects.
Save big files to Realm will slow it down.
The danger of data corruption. If you database file is corrupted, all data is lost. So you have to backup. That means saving files into Realm will cause your app takes at least twice the size of saving the files in filesystem directly.
The encryption key. You must design an encryption key that basing on each device other than just using one same key in your app. Or someone just needs to copy the database file from another's phone to his own and your app will decrypt the database for him.
You can check out this previous answer for a more deep explanation about saving images on Realm (it's on iOS, but the basics are the same: Don't do it if there's a lot of images.)
In your specific use case, did you consider saving encrypted images on the filesystem and the references for the image in Realm? You just need the file path and the encryption key in the database to work.
I'm planning to store hashed passwords and PINs using realm. I've been researching on salting, and it's recommended to have a different salt for each password / PIN. Also it's recommended that the salt should be somewhere within the database.
My question is are .realm files secure? Is there a way to guarantee that the contents of the .realm files cannot be opened?
In general you can get the the realm file from the phone (if it rooted) and read it via realm browser (https://github.com/realm/realm-browser-osx). But there are possibility to encrypt the *.realm file. Look at the corresponding section of the documentation https://realm.io/docs/java/latest/#encryption .
Realm files aren't encrypted by default, however realm does support encryption of the files.
You can view the encryption documentation here, and an example implementation here.
You should also read up on the Android keystore, which will allow you to securely store the key.
I'm working on an application that it took me about 2 whole month to collect data.
how can I protect my database and files? because of a big size of database, I zipped it (with password) and put it in asset folder. I can unzip it.
2 questions:
where I can extract it that no one can access it even though they have a rooted device ?
after extracting my database from zipfile ,I want to copy it to my application database . is there anyway users can access the database ?
Depends on how smart an attacker you're expecting. If you're expecting the average user, don't worry about it- just put it in your data directory, they'd have to root the phone to see it. From a power user you can encrypt the files. From a determined hacker that won't work- he'll decompile the apk and find the key. You can pass the key from a website, but a good hacker will run it under a debugger and find the key in memory. The best way to secure most of the data would be not to have it in the app but only download what you need via webservice as you need it, but that will cost money and time.
As I know there is no way to hide your files from user sight. they can access your resources sometimes so easy. but you should encrypt your data.
You can use SQLCipher library to protect your data. see http://sqlcipher.net/
Although it has some overhead but you can distribute your data in a safe way.
Hope it can help you
I need to store resource files(text doc,imgaes,music etc) in my app in encrypted format and in runtime i need to decrypt the files and use it. Thanks in advance.
Then how can i achieve this?
If you do not want the user to have access to the data, do not store it on the user's phone.
A sufficiently interested user can access anything on their device. This would include your code along with your resources. Any encryption algorithm and key that you use will be in your code; finding that and using that to decrypt your resources is not especially difficult.
My question is related to following questions.
Security of Android assets folder
Assets Security in Android
Basically the application which I am making has some mp3 resources which I wanted to secure. So is there library which work on android to encrypt and then decrypt resources especially mp3 files.
Thanks.
Keep in mind that any method of encryption that you use will need storing the key to decrypt the encrypted data. This key will have to be available to your application and thus to anyone who has access to your application. By encrypting the data you change the problem of hiding your data to the problem of hiding your key and there is pretty much no way around it. The most you can do is to make your data harder to read but it can't be made impossible to read, unless you run your application on a trusted computing platform, as I said in my answer to your previous question.