The question is how can I store a big amount of data (several hundreds of Mb and more) and simultaneously keep it available only for my application?
Internal storage as I found out is limited and its size depends on device model. Could it be sufficient for large data volume storage? Could I store 500Mb and more in internal storage?
The alternative is to use external storage. As I know, external storage doesn't limit an application and it can use the whole external storage. However, data become available for user and other applications and it is unacceptable in my case. Is there a way to make data, which stores in external storage, private as if it stores in internal one?
Internal storage as I found out is limited and its size depends on device model
Only on Android 1.x/2.x. On the vast majority of Android 3.0+ devices, internal and external storage are on the same partition and therefore have the same amount of space.
Could I store 500Mb and more in internal storage?
On Android 3.0+, probably. The user may not have 500MB free, but that's not a limitation of internal storage, but just a limitation of "storage" in general.
Is there a way to make data, which stores in external storage, private as if it stores in internal one?
Not really. You cannot prevent the user or other apps from deleting those files, for example. You can use Facebook's Conceal library to encrypt the files on external storage, with a generated encryption key stored on internal storage, to prevent users or other apps from changing the contents of the files (other than by simply corrupting them). However, again, this would only be relevant if you are still supporting Android 1.x/2.x; on Android 3.0+, just use internal storage.
considering the constrains you up you really up with two possible approaches.
use the internal storage but make sure to keep check on free memory and whenever the device can't handle it's a matter of letting your users know their device can't run your app.
use the external memory and build a nice encryption on it so even if someone else get the files, the actual data on them will be meaningless without the proper decryption mechanism.
which option to choose is a product decision.
You can use getExternalFilesDir() to restrict the media store content provider from reading your app specific files from an external storage. But I think any other application with the same permission of READ_EXTERNAL_STORAGE can access the files. Only way is to use the internal memory.
Im not sure what type of files you wish to store. If the files are less in number you can give a thought of using database, although this shall violate ACID principle. Alternatively you can think about restricting by using content providers.
Related
I'm new to Android and extremely confused about storage.
I have 4GB of internal storage on my Chromecast.
I plugged in a USB and formatted it as a storage device.
After that I enabled force push installs to external in the developer settings.
The drive name shows under the settings as USB Drive, however when I load File Commander App it's not showing at all.
When I used Termux and took a look at /mnt/sdcard/Android/obb to find a large OBB, it seems to be showing at exactly the same directory as /storage/shared/Android/obb.
So where exactly is internal storage and external storage?
How can I move files between them if I can't do so using File Commander?
In short, Internal Storage is for apps to save sensitive data to which other apps and users cannot access. However, Primary External Storage is part of built-in storage which can be accessed (for read-write) by the user and other apps but with permissions
Internal vs external storage is kind of a distinction that didn't go the way it was expected to go. I think originally it was meant to be phone storage vs SD drives, but it moved away from that. Now internal storage is special storage for an app held in phone memory. Its limited in size per app, but you should reliably be able to hold that amount. No other app can read this (unless your phone is rooted).
External storage is unlimited, but theoretically may be less reliable? You may also not be able to get any, if the device is out of space. But its not really removable anymore, so you can count on it staying there. It also is specific to your app and no other app can read it.
Then there's a few special folders in external storage anyone can access. Downloads, photos, etc. These work like external storage but data stored there can be accessed by other apps.
None of the app specific storage will show on file picker, because other apps don't have access. Unless you're rooted, in which case the rules can change. Or if you're using ADB and debugging.
As for where the actual folders are on disk- that can change depending on model. You can't depend on exact directory structure on Android. When you're writing a program that's why you use getFilesDir and getExternalFilesDir.
(If you're wondering why they still have a difference between the two- I don't know other than inertia. They've killed every difference between them, the little difference left may as well be killed to make programming simpler IMHO).
I was wondering, what is a good way, to prevent my app files from being read/ write to other apps, in non-root devices
Currently, I'm storing my data (images, audio, ...) in getExternalFilesDir
But, some of my users complain that, they are still able to see images in 3rd party gallery app.
I am not sure whether they are using root phone. So far, I cannot access my app getExternalFilesDir from Google Photo app.
Based on https://developer.android.com/training/data-storage, it seems that only getFilesDir will prevent other apps from accessing the files.
But, is it appropriate for an app to store user data file in getFilesDir? (My app is a note taking app which needs to store user attachment images, audio, ...)
From discussion of Android getExternalFilesDir vs getFilesDir() for big files , it seems like getFilesDir is not designed to store user data files?
I was wondering, what is a good way, to prevent my app files from being read/ write to other apps, in non-root devices
Store your data in internal storage (mostly getFilesDir() and getCacheDir()).
Currently, I'm storing my data (images, audio, ...) in getExternalFilesDir
The only reason to use that location is if you want the user to be able to use your content from outside of your app, whether via other apps or via an attached desktop computer.
In the long term, getExternalFilesDir() and getExternalCacheDir() will be off-limits to other apps — you will start seeing this on Android 11 in particular. However, it will take years for Android 11+ to dominate the Android device ecosystem.
But, some of my users complain that, they are still able to see images in 3rd party gallery app.
Such apps might be augmenting the MediaStore by scanning external storage for images.
But, is it appropriate for an app to store user data file in getFilesDir?
Yes. Everything should be in internal storage, unless there is a specific need for the user to be able to use the content outside of your app. Internal storage should be your default choice, with external storage or the Storage Access Framework being explicit choices made to go against that default.
From discussion of Android getExternalFilesDir vs getFilesDir() for big files , it seems like getFilesDir is not designed to store user data files?
Um, no.
A decade ago, internal storage and external storage were separate partitions, in part because external storage typically was implemented as removable storage (micro SD card). Since Android 3.0 in 2011, though, internal storage and external storage are almost always separate directories on the same partition. The primary distinction between the two is what processes could access the files, with your portion of internal storage being locked down to just your app, and external storage being accessible by anything.
My app needs to download and save a big number of images and mp3s.
These will make sense only for the app, only my app will be able to use them in an meaningful way. The user or other apps won't know what to do with them.
Where should I keep them, in external or internal storage?
I'd like to keep them in internal memory because they are only meaningful to the app, and they will be wiped out when the app is deleted.
However, for old devices the internal memory is very limited, and I think it would be a hassle for the user to keep these files here.
So, I was thinking about external memory, but I don't like the idea of keeping those files there after the app has been deleted.
What would be the best practice for this?
Thank you.
Use the path returned by 'getExternalFilesDir(String type)'
From the documentation:
"Returns the absolute path to the directory on the primary external filesystem (that is somewhere on Environment.getExternalStorageDirectory()) where the application can place persistent files it owns. These files are internal to the applications, and not typically visible to the user as media.
This is like getFilesDir() in that these files will be deleted when the application is uninstalled, however there are some important differences:
External files are not always available: they will disappear if the user mounts the external storage on a computer or removes it. See the APIs on Environment for information in the storage state.There is no security enforced with these files. For example, any application holding WRITE_EXTERNAL_STORAGE can write to these files."
For further details: http://developer.android.com/reference/android/content/Context.html#getExternalFilesDir(java.lang.String)
So yes, you can use external storage and have the files deleted when the app is uninstalled (as long as you are happy with the lack of security).
This is pretty close to an opinion question and will likely get closed.
Short answer: Use external storage. Users will get mad if you're filling up their internal storage with tons of files.
Recommendation: Give the users a toggle option to store it wherever they want!
I am downloading files from a remote server to be saved for use on an android device. These files are mostly images and audio but I would like it so that a user cannot access this data using methods other than the app.
The issue is that these files could be large and that's why I use external storage. The problem here is that users can access the data stored on external storage by hooking the phone up to a computer.
Apart from using internal storage, do I have any options to secure the files written to disk?
If I do have to use internal storage, are there any other disadvantages other than the fact that some users might have a small amount of internal storage?
Thanks for your time! Any help will be much appreciated! :)
EDIT 1 :
The data being downloaded is paid content (via In App Billing). This is why I'm concerned about restricting access.
EDIT 2 :
I am already adding a "." before the folder I'm saving my data to. I'm more concerned about 'power' users who would know to look in hidden folders.
Seems like you are populating app's cache from web. It is always recommended to use external storage for such purposes because some users may not have enough internal memory to accommodate this.
Since you downloading includes images and audios, i wouldn't suggest you to use encryption/decryption as it will slow down the app's processing. So there's nothing much you can do to secure your data if you want to put on external memory and skip its encryption.
I personally don't think any harm/disadvantage to leave such data as it is (not encrypted). But if you have some of the files important, perhaps you may perform encryption on those particular files only.
I have to store a lot of images that have to be downloaded from the web server. The size of the images might be 80Mb. So I want a guidance where to store them, whether in internal or external storage. Both create some problems for me. Internal storage is as every one knows is very limited but the problem with external storage is that images can be accessed by user. I don't wanna my application images to be exposed to user and changed or deleted. So is there any alternative or is there any technique to safely put data into external storage?
Unfortunately no, external storage has FAT file system, which does not support access restriction. And you simply must not store such large chunks of data in internal memory (or otherwise users will not like you, to put it mildly).
So the only way to go, is to use external storage. If you need some protection, then you may either encrypt/decrypt data. Or just obfuscate data, like changing file extensions, or adding 10 bytes at the beginning of each file. Obfuscation is more efficient resource-wise, but much less protected. Though encryption key can still be extracted from your application, so both of this approaches have their flows.
I would advice to store them in the external storage. If you don't want the user to be able to read it, protect it with an encryption. I think it's a bad idea to impose large data to the user. If the user wants to remove it, you shouldn't want to prevent it. Perhaps consider the possibility of re-download the pictures from the web if it has been deleted.
Use encryption for file content:
i found nice and lightweight sample code on http://www.androidsnippets.com/encryptdecrypt-strings
I recommend saving to external. Preventing the user from deleting his data is not recommended. Also user can format the sdcard to delete it. so you cannot stop the user. You can hide it from him. Just prefix a dot to the folder name to make it hidden.
If you are using Android 2.3, OBB is your choice.
http://developer.android.com/reference/android/os/storage/StorageManager.html
OBBs contain a filesystem that maybe be encrypted on disk and mounted on-demand from an application. OBBs are a good way of providing large amounts of binary assets without packaging them into APKs as they may be multiple gigabytes in size. However, due to their size, they're most likely stored in a shared storage pool accessible from all programs. The system does not guarantee the security of the OBB file itself: if any program modifies the OBB, there is no guarantee that a read from that OBB will produce the expected output.
Related
What is OBB(Opaque Binary Blob) in Android develop site?