I have encrypted fiiles in the external Storage dir / the SD card. The files are crypted
images (jpg, bmp,...)
videos (3gp, mp4,...)
Pdfs
I want to load the bitmaps, videos or pdfs to load them in my ImageView, VideoView or open them via a pdf viewer. The problem is the files are secret. I dont want the files to be stored to open them. They could be read by others during the PDFviewer shows them for example.
Is there a way to directly open an image or pdf even though it is encrypted without copying an unencrypted copy?
If you want to keep your files as secret as possible for your app, I would use
javax.crypto.CipherInputStream
or a customized subclass of it. To do that you'll have to display your content embedded in your app, which is pretty straightforward for images and video. For PDFs you'll need to add a control which can display that kind of file to prevent others from getting access to the content.
Hope it helps.
You cite three scenarios: images into an ImageView, videos into a VideoView, and PDFs to a third-party app.
Images are easy. Make sure your decryption logic can give you an InputStream of the decrypted contents, then use appropriate methods on BitmapFactory.
I am not aware of a way to reliably serve videos to VideoView from an encrypted source. I know some people have experimented with embedding an HTTP server and streaming it.
You can publish a ContentProvider that supplies the decrypted content of a PDF to a third party app. This sample app just reads in the file, but you could use the same approach to decrypt it along the way.
All of this assumes that the user is the one responsible for requesting that this content be encrypted, and that you have collected a passphrase from the user. If, instead, your vision is that you are trying a DRM solution, anyone who wants to will be able to decrypt your content by reverse-engineering your app.
Related
The core part of my application is load PDF online and user have access to download it as per their given rights.
The problem I am facing is that I want to load pdf online. After many research I have found that,
There are likely two ways to show pdf online in android:
1) In Web view by loading simple hosted URL
2) By google doc.
But in our case, if we use way (1), the mobile web view does not redirect hosted url of PDF.
And if we use way (2), then there are certain limitations of the google docs regarding the file sizes. (Small pdf it will load like 5 to 10 with size of 1MB)
But after loading PDF with the size of 2 or 3 MB it's also giving me error as "No PREVIEW AVAILABLE" and its continuously giving me this error opening different urls.
So it seems there is still no easy solution for viewing a pdf from url (online without downloading pdf).
The other way to open pdf online is that we can open it in any other third party applications like browser, adobe pdf reader or any kind of pdf viewer application available in the device.
Cons: If we open pdf in browser then it will get downloaded automatically and if we open it in any third party application then they have options to download the pdf.
Please give me some solution to read the PDF online.
And if there are any paid pdf SDK availble which gives functionality of loading pdf online from URL, then please provide information of that too.
Please also suggest me some pdf viewer library for displaying pdf online.
I have used many of the library, but it increases my application's size to 8 to 10 MB.
Thanks in advance.
The suggested primary solution,
Download the file, store it in the app specific folder so users don't have access. For viewers who don't have access rights to download it, you will delete the file as they leave the view. For viewers who have access rights to download it, they will be given an option to copy the file to their SD card (an accessible location) and then you will delete the original file as they leave the view.
For storing in app specific directory to restrict user access,
http://www.grokkingandroid.com/how-to-correctly-store-app-specific-files-in-android/
Also use a library to view the pdf(MUCH SIMPLER), choose an appropriate one from here
https://android-arsenal.com/search?q=pdf
Alternate solution,
If security is a major concern, you can encrypt the pdf file and store it on the server. And decrypt the file when you download it to the device.
For added security, don't store the file as pdf, just store it as a file. Download it as a file. Set type as pdf when you want to access it.
Conclusion,
Data wise, Even if you load it online, the device will consume almost same data as downloading the pdf. (Infact for viewing something online, your device downloads the data and stores it in the cache and you can view it)
Security wise, only a rooted phone will be able to access the file but that too for as long as you have decided to store it.
I suggest you check out PDF.js, a Javascript library from Mozilla to render PDF's in a browser. You can adapt this into a WebView easily, and display PDF's without downloading them.
Here is an open source app which does something similar to what you're looking for
I have lots of images and video, so I cannot store in internal storage.
I want to store it in external storage and I don't want to show this images and video to user. It can not be copy when it connected to USB.
I already tried to encrypt a video and images, but it takes to much time to decrypt a video and it is not played directly. This solution is told by so many people on stack overflow but it is not feasible for me.
I tried this solution,
so please give me the another solution if it is possible.
Thanks in advance.
Include an empty file named .nomedia in your external files directory (note the dot prefix in the filename). This will prevent Android's media scanner from reading your media files and including them in apps like Gallery or Music. for example , you store your images and video in sdcard/yourappname/
then put .nomedia file in sdcard/yourappname/.nomedia
And then other application can not read your media files
I searched through a lot of questions on SO but I can't find the answer, that's why I ask the following question:
An Android app should be able to play an encrypted video file (stored on the SD card and retrieved from a webserver).
The file has to be stored on the SD card so that the app can play the video file without having an active internet connection.
Because the video files may not be copied, the plan is to encrypt them server side when uploading the files to a webserver.
What is the best option?
1) I have seen suggestions for running a local webserver which decrypts the file (and how to do this?)
2) or should we decrypt the file, save it as a temporary file and set this temporary file as the source for the videoplayer?
3) something completely different?
You are trying to implement a DRM scheme, and a naive one at that. Look into DRM schemes and report back if you cannot implement the impossible. All you can hope for is obfuscation, and there are plenty of ways of doing that (none of them are secure of course).
What you need is DRM. Digital Rights Management (DRM) controls the access to your digital content such as video. Firstly, you need to encrypt the video with an encryption video like AES-128. Then with the use of DRM play in exoplayer. Exoplayer has DRM support. you can check here. https://exoplayer.dev/drm.html
You will expose the user to a waiting time if you choose to decrypt a entire big video beforehand. As of the security, you can guess it's a poor idea to have the contents in clear in a file, even temporary. The local webserver is a better choice because it's a streaming method, so without file storage. There is no class for an http server in the SDK, you have to implement your own one, otherwise look for an existing library similar to LocalSingleHttpServer.
i am developing one android application. it download videos from server and store it in mobile.
i want to store those video in secure manner.(deny the user from copying. or deny them from viewing the video directly from sdcard)
i found two ways to solve the problem.
1)Store the video's inside the application.
2)Encrypt the entire video
but facing some problem in implementing solution
i)first solution found suitable. but i am fearing that. if we store too much video inside the application .it would become bulkier.and fore the user to uninstall.
ii)but in second solution. i did not find any correct way to do so.
so please help me to solve the problem.
This is kind of suggestion :
To store the videos you must have created some folder on SDCARD, so you can hide the folder by putting the "." in front of the name while creating it. on top of this you can encrypt the video file using AES algorithm so it can not be viewed, if copied outside the android it will not be view able. but from your application you can decry-pt the file and view it.
Definitively, you must encrypt the media and that's quite simple. What is more difficult is to play the media, because MediaPlayer only accepts clear contents. A basic way would be to convert an encrypted file to a decrypted one, just for the time of the playing session. A better approach is to build a stream from the file, decrypt that stream and feed it to the player. The hard point is to have a local http server to serve the stream.
I am trying to create an app that would download a file from a remote server and save it to the SD card. The file is quite confidential so I need an encryption for this. I would like it to be saved as encrypted. When I want to play the file, it should only be played on my media player which has the decrypt code. No other player can play that file. How is this possible? Thanks for any suggestions you may have.
If you don't want to be bothered with a delay by decrypting the entire file before to be able to start the playing, you should consider a streaming architecture. A typical design involves the javax.crypto.CipherInputStream class and a local http instance. For an example of that kind of design, look at something like LocalSingleHttpServer.