I would like to know if it is possible to set the permissions of the files that my Android app writes on behalf of the user in the external storage folder (that is the common user folders that are accessible to my app like "Documents") so that those files are not writable by other applications that know where they are or explore the external storage folders to find them.
I mean, if my application has many installations and it becomes the target of malware apps, and it has a known user files folder, the malware could change or delete those files (json and other types like txt, doc). I would like that it is not possible by means of file permissions setting.
But note that the user has to be able to manage those files and also edit them.
Even my app sends intents so other apps edit them.
Is it possible?
That is not possible. If you do not want other apps to have access to the files, put them on internal storage, not external storage.
You can create encrypted storage with consistency checking instead of using permissions, what is not possible.
Related
We developed two android applications, one that creates a folder with multiple files (.xml /.txt /.db) and another one that needs to access these files. Both application needs read and write authorizations to these files.
Before Android 11, we use to store these files in the app-specific external storage (Android/data/com...), the other app was able to read/write those files.
With Android 11 and enforcement of scoped storage, secondary app cannot access the primary app folder.
Is there any way of creating a "public" directory that store all shareable files ?
While searching, i found about the FileProvider component but i don't know if it will work despite scoped storage.
I'm aware of the new authorization MANAGE_EXTERNAL_STORAGE, but if i use this i'm afraid that playstore might reject my apps.
Despite all my researches, i didn't find a solution to my problem.
Thank you for your help.
On Android 11:
Make your own directory in one of the public directories like Documents, DCIM, Pictures, Alarms and so on, and put your files there.
I was wondering, what is a good way, to prevent my app files from being read/ write to other apps, in non-root devices
Currently, I'm storing my data (images, audio, ...) in getExternalFilesDir
But, some of my users complain that, they are still able to see images in 3rd party gallery app.
I am not sure whether they are using root phone. So far, I cannot access my app getExternalFilesDir from Google Photo app.
Based on https://developer.android.com/training/data-storage, it seems that only getFilesDir will prevent other apps from accessing the files.
But, is it appropriate for an app to store user data file in getFilesDir? (My app is a note taking app which needs to store user attachment images, audio, ...)
From discussion of Android getExternalFilesDir vs getFilesDir() for big files , it seems like getFilesDir is not designed to store user data files?
I was wondering, what is a good way, to prevent my app files from being read/ write to other apps, in non-root devices
Store your data in internal storage (mostly getFilesDir() and getCacheDir()).
Currently, I'm storing my data (images, audio, ...) in getExternalFilesDir
The only reason to use that location is if you want the user to be able to use your content from outside of your app, whether via other apps or via an attached desktop computer.
In the long term, getExternalFilesDir() and getExternalCacheDir() will be off-limits to other apps — you will start seeing this on Android 11 in particular. However, it will take years for Android 11+ to dominate the Android device ecosystem.
But, some of my users complain that, they are still able to see images in 3rd party gallery app.
Such apps might be augmenting the MediaStore by scanning external storage for images.
But, is it appropriate for an app to store user data file in getFilesDir?
Yes. Everything should be in internal storage, unless there is a specific need for the user to be able to use the content outside of your app. Internal storage should be your default choice, with external storage or the Storage Access Framework being explicit choices made to go against that default.
From discussion of Android getExternalFilesDir vs getFilesDir() for big files , it seems like getFilesDir is not designed to store user data files?
Um, no.
A decade ago, internal storage and external storage were separate partitions, in part because external storage typically was implemented as removable storage (micro SD card). Since Android 3.0 in 2011, though, internal storage and external storage are almost always separate directories on the same partition. The primary distinction between the two is what processes could access the files, with your portion of internal storage being locked down to just your app, and external storage being accessible by anything.
I want to password protect my local phone directory folder
This folder (directory) has been created by my application at run time with password protection.
My application can open this folder and used for self.
Any one can't open this folder manually. It is possible in android.
Thanks in advance.
This is not possible on Android.
You could create your folder on the internal memory, so that only your app can access it on normal devices. However, anyone with a rooted device will be able to browse your folder using a file manager, and other apps will also be able to read its contents if given root access.
A folder on the external storage is accessible to all apps with the READ_EXTERNAL_STORAGE permission, so you'll want to avoid using that.
At any rate, there is no 100% effective way to secure your folder such that only your app can access it.
However, you could try encrypting your data. This is what many apps like whatsapp do. Even when Whatsapp backs up the chats to the external storage, it is AES encrypted so that while others can access the data, they can't read it without decrypting it first. I would recommend that your try encryption
I actually want to access the files on android system. I manage to read the files and directories in the external storage of android.
My questions are :
How can I access the directories and files of the internal storage(Specially videos, pics all of the applications which runs in android).
Where are stored the data of each application which installed in internal storage?
Is it possible to transfer data which exists in the internal storage (from internal memory to external storage?
I read that external storage is world-readable? what does that mean?(if a create an application then this application can access all the files that installed in external storage?)
By default, an app cannot access data stored by another app. Permissions are applied to internal storage that make data written by an application not accessible outside of that application (your app cannot read anything written by another app). This can be changed, where an application can specify different permissions for ITS OWN data; basically, an app can allow others to read its data. However, if an app does not specifically set its permissions to allow this, other apps cannot access its data. This is a fundamental principle of the Android security/isolation model and is done at the Linux/kernel level, as each app runs under its own Linux UID and permissions are set within the filesystem only allowing that UID access to the app's directory structure (group and world permissions are set to 0 by default).
This all goes out the window if you have access to root on the device (rooted phone and your app runs with root permissions), but we should consider that out-of-scope for your question.
External (SD card) storage is different in that it is considered free-for-all and permissions are not applied there (this is originally due to the filesystem typically used in SD not supporting permissions). Any app can usually read anything written to the SD card by any other app, unless the original app does something to protect it (encrypt, etc).
This is all explained in great detail in Application Security for the Android Platform, just published by O'Reilly.
You have to write FileProvider to access the app specific files with another app.
Is it possible to provide application specific security to the files?. I want the file could only be accessed by the desired application and not by the others.
I assume that you have files stored on the sd-card in mind, since files stored in the internal file system is protected by default.
The only way you can protect your data from other applications is to use some sort of encryption.
Android gives each application its own user id and then the standard Linux file system access rights take care of protecting data stored on the internal file system. There is nothing you need to do to take advantage of this feature, as it is central to the whole security model in Android.
But for external storage, like the sd-card, Android is using the FAT file system to make the cards compatible with Windows. It's a good thought, but since the FAT file system lack any access rights features, everything stored on the sd-card is available to all apps. (An app that needs access to the sd-card will need to ask for permission to do so.)
(This is a huge integrity problem with Android. Sensitive information should not be stored on the sd-card, yet all photos taken are stored there. An app with access to the sd-card and the internet could easily upload all your photos to a server somewhere without you knowing it.)
you can play with the permission by declaring in your AndroidManifest.xml file. As stated in Android developer permission guide:.
For example, an application that wants to control who can start one of its activities could declare a permission for this operation as follows:
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.me.app.myapp" >
<permission android:name="com.me.app.myapp.permission.DEADLY_ACTIVITY"
android:label="#string/permlab_deadlyActivity"
android:description="#string/permdesc_deadlyActivity"
android:permissionGroup="android.permission-group.COST_MONEY"
android:protectionLevel="dangerous" />
...
</manifest>
Can you check the webpage and if you are not clear we can discuss here, i have to go over before giving the exact answer.
Edit: Also check this post in so.
Yes. A simple solution is to generate a random cryptographic key using /dev/urandom when the app is installed, store the key in local storage (not on the SD card), and then encrypt the files you store on the SD card using this key. This will prevent other apps from reading the files.
Of course, one consequence of this approach is that the user will not be able to remove the SD card, put it into their PC, and copy those files onto their PC.