I created a music app with my own music files. I placed all sound files in raw folder which is not secure. People just rename the .apk with .zip and started stealing my music file and they started coming with their own clones.
How can I secure raw folder?
It seems like due to the nature of the Android .apk, resources are ultimately ex-tractable. Though you can prevent common methods like .zip using encryption, but the encryption key will need to be somewhere else in the application. Then you get to the secondary problem of attempting to hide that key. Alternatively you could use a web server to stream the music or send key for the encryption.
Protecting code in android asset files
How to secure the android assets folder from hackers
https://stackoverflow.com/a/5275702/5686611
The best thing I'd recommend is using a server to stream your music to the application. There are a lot of workarounds if you keep the data locally on android. Use a server, you'll be good to go.
Related
I'm working on a project using android studio and moodle.
One of the objectives of the mission is to get data from moodle into an archive and get that archive into an SD card to access the data into the mobile without internet connexion.
The client wants the data on the SD card, not te be read by anyone.
So I thought of multiple solutions:
Creating a key on the RAR archive
Encrypting the archive
Encrypting each file within the archive (and the archive ?)
But I still don't know how to pass the data to the android safely. And if those solutions which I thought are good because you need to decrypt it with android later. The best would be that it could be done without internet.
I'm not familiar with moodle, but I assume it is a web app? If so, the easiest way to handle the data securely would be:
Download the file from the web app over HTTPS
Use the Android Jetpack security libraries to store the file on the SD card
Here is an article (from the Google Android Security team) that shows how to generate keys and store encrypted files using Jetpack: https://medium.com/androiddevelopers/data-encryption-on-android-with-jetpack-security-e4cb0b2d2a9
It abstracts away a lot of the crypto work for you.
As the title says, I have 1000mb audio files in my app (which has a media player ability also). I don't need a 100% protection. All I need is that when user downloads these audio files from the web, only my app could be able to find on open these files and if a normal user shares these files they couldn't open it.
I know a dedicated user or hacker can easily access the main files, all I need is a simple primitive protection from a ordinary user.
What is the best way to do this? Any suggestions or examples would be appreciated.
Thanks a lot
Store those audio in folder named '.nomedia' without quotes.
OR
Use custom file extentions and and save those files using Serialization
To save object to file you need serialization.
You can choose whatever file extension we like e.g. .car.
You can simple encrypt the header of the file not entire file, Your app will decrypt that header before playing it. You only need to encrypt few bytes so there is no performance issue.
I would like to make video/audio/pdf files hidden inside Internal/External storage in Android. Our requirement is making the files visible only in our Android application but not any other apps like Es File Explorer and not even when connecting the device to Desktop/Laptop.
I have googled it a lot and found the following ways but with few disadvantages.
Creating folder/file with prefix "." - It has the disadvantages that we cannot prevent it to be visible in some File explorer apps with the option "Show hidden files" and we cannot prevent the files from getting displayed when connected to Desktop/Laptop.
Storing the files inside App specific folder - Storing large memory files in the path returned by android.Content.Context.getFilesDir() will lead to the poor performance of the device and most of the devices will not have large internal memory size.
How to overcome the disadvantages and make our application to meet the requirement ?
Well hiding files to user accessable storage is not recommend without encryption.
Youtube,Gaana, saavan, hotstar all these media related apps used to encrypt their data and stores in data location which is visible to users but they can't share or use in other ways as the data is encrypted.
You can use CipherOutputStream and CipherInputStream for encryption and decryption of file in android.
There are two ways through which you can achieve your goal
Download a file and encrypt it, when you want to play that file decry-pt it in a temporary file and play it which I not recommend as it can increase the chances of data grabbing.
if you want to play encrypted file on the fly (not decrypting it in a temp file) then you can use Libmedia library. It streams encrypted file on local host and play it from there
Original answer : https://stackoverflow.com/a/35426842/9565955
Your first proposed solution won't work since it would make files accessible to anyone.
Second solution is perfect if you have limited file sizes. In case of large memory files it is always better to store them in External storage. But this would make it publicly accessible. To prevent that you can encrypt the files and store them in external storage.
Some suggestions while doing so :
Randomise the filenames so won't be easy to guess.
Refer this for simple file encryption.
Do not use static key for encryption as it can be reverse
engineered. Use different key for every file.
Do not store the original key in db/shared preference. Store the
hash of it instead.
You can even hash the key n times and then store in db. This would
make procedure a bit slow but provides more security as one has to
know the exact value of n to get the original key.
For added security you can even consider using Android's KeyStore to
derive the IV.
I have some audio files that my app is downloading, and due to the size of the files it would be nice if I could store them on the user's external storage. However I need them to remain private to my application. Is there any way to accomplish this?
Not literally.
You could encrypt them, but then you would have to handle the playing yourself, in order to decrypt them (or play some game like streaming them from a local "server" which decrypts them as it reads).
Realize also that even things within your .apk itself are accessible on most devices (you will need to use care in obfuscating the encryption key), and the contents of your app's private storage folder are readable on the multitude of rooted devices.
One simple suggestion would be to encrypt your file and then store it in external memory. This would keep the data safe and secured. Other application wont be able to access it. To accomplish this you need to convert the file into ByteStream. Then using encryption function encrypt it and store to external memory. Change the extension of your file to some user-defined extension like myExt and store all in certain folder. When you want to use those files in your application, decrypt it and use it. The encryption key will help you to securely protect data.
As per my knowledge this will prevent other application to access your information.
I am working on an app that connects to a media providing site and downloads mp3 files to the user phone. I would like for the user to be unable to copy these files off the phone but only listen to them through my app.
I am currently trying to encrypt the files using DES and encryption and decrypt and play the file in bits in the app. This is however not working. Is there a better way of achieving my end goal or has anyone else implemented a similar solution?
Thanks
P
If you use DES (a private key or symmetric-key algorithm) you need to store you the decryption key in your app. Remember this is Android's byte code, much easier to disassemble to retrieve key.
Think of other DRM alternatives.
If you use Android's internal storage, the file system you create can only be accessed by your app. However, due to the open nature of Android there are many "Rooted" android ROMs available that allow public access to these files.