My android app download several files from app server. Users have to buy these files. So, i need to hide and encrypt these files, so that users cannot play/view these files, or they cannot delete/transfer these files. What are my options here?
check out this link: Storage Options
I would give a try for SQLiteDatabase keeping files as bytes (BLOB column type) or caching in internal storage
You may also keep files in external storage in hidden folder (name starting with dot, e.g. .hiddenFolder) if you are encrypting data, but note that every app can be decompiled and all methods/ciphers may be visible then (key fetched only from server without keeping localy?) and access to external storage (e.g. SD card) is easy when folder name is known (or intuitive, or get from decompiled source)
Put those files in internal memory. No need for encryption then. Only if the device is rooted you are out of luck. Then you need encryption there too. Putting the files in a database unencrypted will fail on a rooted device too.
Related
We are trying to create an app which will download eBook from server and store it locally on sdcard. We tried to DRM eBooks, after we download an eBook the DRM will take care of the security of the eBook. But later due to some reasons we left the DRM concept. Now I want to know whether we can store the eBook securely in the sdcard. The user cannot do any operations in the file other than viewing. Can we store the file in some other location where the user cannot view the file at all. In iOS we can download the file inside the Bundle itself, but for android???. We tried storing the pdf as a BLOB file in DB and tried to read it from there, in that case also we need to write the file and then read it. I am really confused on this Issue, can someone suggest me a good approach on how to proceed further. Any help would be really appreciable.
Personally I've avoid the SDcard given it's pretty much open to all apps, as #commonsWare mentions having it internal storage offers the Android app sandbox security.
Have you considered IOCipher from the excellent guys at the guardian project it's build on SQLCipher and it allow you to create a encrypted virtual disk. The part I love about it is that it's a clone of the java.io libraries so you should only have minimal code changes.
Files stored on the external storage are easy to read by other applications or from user's PC. You might need to encrypt your files if you don't want anybody else to get access. Well encrypted files can be places anywhere in the system without any risks of being read.
Storing files on the internal storage in your case does not sound good, because there are still too many devices out there with the limited amount of internal storage, where every megabyte counts.
Can we store the file in some other location where the user cannot view the file at all.
Not on external storage. You can put the book on internal storage, in which case only rooted device users would have access to it outside of your app.
i) keep the files encrypted which are important to you.
ii) decrypt the files and move to the internal storage during runtime.
iii) Access your files only from internal storage.
Following these things will keep your file and method calling safe as they are accessible only to internal storage.
Example:(access moved assets files from internal storage )
file:///android_asset/ => file:///data/data/com.test.exmple/files/"
You can also try tools like quixxi that do this for you transparently.
I want to password protect my local phone directory folder
This folder (directory) has been created by my application at run time with password protection.
My application can open this folder and used for self.
Any one can't open this folder manually. It is possible in android.
Thanks in advance.
This is not possible on Android.
You could create your folder on the internal memory, so that only your app can access it on normal devices. However, anyone with a rooted device will be able to browse your folder using a file manager, and other apps will also be able to read its contents if given root access.
A folder on the external storage is accessible to all apps with the READ_EXTERNAL_STORAGE permission, so you'll want to avoid using that.
At any rate, there is no 100% effective way to secure your folder such that only your app can access it.
However, you could try encrypting your data. This is what many apps like whatsapp do. Even when Whatsapp backs up the chats to the external storage, it is AES encrypted so that while others can access the data, they can't read it without decrypting it first. I would recommend that your try encryption
I have a project consisting of four programs for different platforms; all of them use the same XML-based settings file format. I want to be able to manually modify/overwrite it outside of the application. On Windows, Windows Mobile and Linux I'm using "user.home", but on Android that alias isn't implemented. I'm thinking about simply putting it in the Downloads directory, however, that doesn't feel right.
I can't be the only one, who needs that kind of functionality. Or this isn't Android-way? Any suggestions are appreciated.
EDIT: I'm OK with the settings file not being available all the time (i.e. SD-card removed), it's used only on the start-up of the application.
Store it in getExternalFilesDir(). This would work only if the device has an external storage. The user would be able to access it.
However, take note of the following from the docs:
External files are not always available: they will disappear if the
user mounts the external storage on a computer or removes it. See the
APIs on Environment for information in the storage state.
According to Android data storage documentation you have 5 options:
Shared Preferences. By default this will use file /data/data/your.package.name/preferences/user_preferences.xml
Internal Storage. Here you can use something like /data/data/you.package.name/user.home
External Storage. Similar to internal storage /mnt/sdcard/Android/data/your.package.name/user.home, but if user removes memory card file will be inaccessible.
SQLiteDatabase. You can store the whole user.home file in a database blob.
NetworkConnection. Store user's config in a cloud.
I want to develop an application which lets user protect their files / folders . It is very much the same as existing apps where user can select the files to be hidden and those files can be accessed only from my app which is password protected.
I got enough resources about the encryption algorithm.
Here my doubt is :
where should i keep my encrypted files. It should be within my app folder. But this folder if i create on phones internal storage, will that not lead to memory restrictions. My app let user to add images / videos or any other file to protection. If i keep the folder on the sd card, the questions are it will restrict app to be run on only mobiles with sd card . Also the content of sd card can be accessed by others ( i am right here ? )
The next doubt is that i see most of those apps i see if i remove protection it is restored in its previous folder. How is it achieved . Is it like keep mapping table an duse that to restore ?
Please help me with answers for my questions. Thanks a lot for your time and help
According to my investigations of the same problem, there is no built-in encrypted storage in Android system. Hence, I'd recommend you following approach:
Encrypt file content with any algorithm. See here(1), here(2) and here(3).
Use MODE_PRIVATE when creating file with, for example, openFileOutput(String, int)
I read this sentence, form a book
"Files: Files internal to applications, which you can store on a
removable storage medium"
and I am confused, well I expect that "Files internal to applications" saved from my app that will be accessible only from my app. and that is true when you save them internally in the phone memory.
But as the sentence says , you can save files to the sdcard also. And that is great but I think that everyone with 'external storage read' privilege set in the manifest will be able to read your file, so that doesn't make it internal to the app, it makes it publicly available to everyone.
My question is:
Is there any way to store the files in the 'removable storage medium' -> sdcard and those files to stay available only to my app, others application to be prevented from reading the content ?
I know that if you put files in data/data//files these files are only available to the app with that package name
It is possible . For that you need to encrypt the data with some private key and write to SDCARD, when ever you want to process that data you have to decrypt it . So another app can't access your data without decrypt it.
Android Encryption Example.
store the files in the 'removable storage medium' -> sdcard and those files to stay available only to my app
I don't think so, For sdcard it is not possible.
The one way is store encrypted file in sdcard and key for it is you can put (keep) in your application's shared preference in private mode and decrypt the file from your application when you want to read it. But I think it some ugly way.