I have read the various question but couldn't get mine answered so I am starting this thread.
I have a requirement where in I'll get some secure data on SD cards. The app users will just plug in the shipped SD card and they should be able to access the content.
But we need to maintain the Digital Rights i.e. the data on the SD card should be only accessible to my application. No other application should be able to read this. Also, once the user license expires, the data will be wiped off.
Just wanted to add. We will be providing the device along with the application. So, we have control over the hardware.
So my questions are:
How to keep encrypted data[videos, text files, pdfs etc.] on SD card
How to restrict any other application to access this data
If the user breaks the root of the device, can I delete the
application and the data on the SD card?
Can any MDM help? I am open to suggestion. Are there any opensource
MDMs available?
I'm no expert in this area, but in my view:
1) Just encrypt it with a key only your app knows (ideally use a different key per install).
2) You can't, although if it's encrypted no other app can make sense of it.
3) No. The user could always plug the SD card into another device or PC card reader and copy it.
Victor - thank you (and the others) for the endorsement of my comment, hence this answer...
Related
I'm new to Android and extremely confused about storage.
I have 4GB of internal storage on my Chromecast.
I plugged in a USB and formatted it as a storage device.
After that I enabled force push installs to external in the developer settings.
The drive name shows under the settings as USB Drive, however when I load File Commander App it's not showing at all.
When I used Termux and took a look at /mnt/sdcard/Android/obb to find a large OBB, it seems to be showing at exactly the same directory as /storage/shared/Android/obb.
So where exactly is internal storage and external storage?
How can I move files between them if I can't do so using File Commander?
In short, Internal Storage is for apps to save sensitive data to which other apps and users cannot access. However, Primary External Storage is part of built-in storage which can be accessed (for read-write) by the user and other apps but with permissions
Internal vs external storage is kind of a distinction that didn't go the way it was expected to go. I think originally it was meant to be phone storage vs SD drives, but it moved away from that. Now internal storage is special storage for an app held in phone memory. Its limited in size per app, but you should reliably be able to hold that amount. No other app can read this (unless your phone is rooted).
External storage is unlimited, but theoretically may be less reliable? You may also not be able to get any, if the device is out of space. But its not really removable anymore, so you can count on it staying there. It also is specific to your app and no other app can read it.
Then there's a few special folders in external storage anyone can access. Downloads, photos, etc. These work like external storage but data stored there can be accessed by other apps.
None of the app specific storage will show on file picker, because other apps don't have access. Unless you're rooted, in which case the rules can change. Or if you're using ADB and debugging.
As for where the actual folders are on disk- that can change depending on model. You can't depend on exact directory structure on Android. When you're writing a program that's why you use getFilesDir and getExternalFilesDir.
(If you're wondering why they still have a difference between the two- I don't know other than inertia. They've killed every difference between them, the little difference left may as well be killed to make programming simpler IMHO).
Is it possible to read/write to SQLite on a removable USB Flash Drive from Android, by this I mean the app is installed on the phone, but the data used by the app would be stored on a removable USB flash drive that plugs into the USB/Charging port.
I have been reading a lot and for the most part references to this suggest the data must be in the same location as the app. I need the data to be external to the app so different databases can be used as required. If it is possible I would appreciate a reference to an example or information.
unfortunately the use-external-database-in-android article requires the database to be located in the Assets /data/data/YOUR_PACKAGE/databases It needs to be copied every time from the source location. It also is not suitable for large data
background
Starting with version 4.2 , Android supports multi-user (link here and here).
Each user has its apps and their private data is visible just for the user.
The question
How does the encapsulation of the data per user work in terms of paths and accessing files?
I mean, what will be the paths per each user for:
the private, internal storage.
the emulated external storage (built in external storage)
the "real" external storage (sd cards)
?
I guess users can see the data stored on the sd cards that belong to other users, but what about the emulated external storage? And can they also write other users' files or just read them?
Does each user get its own special path automatically? or should the developer handle this?
If the developer needs to handle it, what should be used as the ID of the user?
The documentation says:
No matter which of these APIs you use to save data for a given user,
the data will not be accessible while running as a different user.
But that's all assuming you use the APIs for your own path. Could apps somehow bypass this by going to other paths?
What can an app query about each installation of itself on the same device? Can they get the size of apps of other users? Can they even get the list of apps of other users?
Does multiple installation of the same app also take multiple size?
what will be the paths per each user
If you care, you're doing it wrong. Use the Android SDK APIs for determining base directories, and work from there. So, for example:
getFilesDir() will return the right location for internal storage for the current user
getExternalFilesDir() and the methods on Environment will return the right locations for external storage for the current user
I guess users can see the data stored on the sd cards that belong to other users
That is outside the bounds of the Android SDK, generally.
but what about the emulated external storage?
Each user gets their own space.
And can they also write other users' files or just read them?
Neither, barring bugs in the device.
Does each user get its own special path automatically?
Yes, if you are using the Android SDK APIs for determining base directories.
Could apps somehow bypass this by going to other paths?
No, because they will have neither read nor write access, barring bugs.
What can an app query about each installation of itself on the same device?
AFAIK, nothing. From the app's standpoint, the fact that there are several installations on one device is indistinguishable from being installed on several devices.
Can they get the size of apps of other users?
I do not know what you mean by "size of apps", sorry.
Can they even get the list of apps of other users?
That's a fine question. I have not experimented with PackageManager to see what it exposes when used by apps run by secondary users. In theory, it should only report things that are available to the current user, particularly given Android's restricted profiles.
Does multiple installation of the same app also take multiple size?
The APK and the pieces of it that are unpacked (e.g., DEX files) are shared, as I understand it.
I'm developing an app that would have an In-app purchase and download Videos from my server and store them on the device.
The problem is, the Videos are paid videos and are to be maintained in a highly secure place inside the app itself.
What are the possibilities of doing it? I had a look at setting android:exported="false", but it just restricts other apps to access my app's data. But how do I store the videos in a place which are restricted to be viewed by default even when connecting the device to a PC?
Are the apps allowed to store data in the device's \data folder? If so, please tell me how!
You can store files in your app's data folder, and as long as the phone isn't rooted, only your app should be able to access them.
However. The local storage on phones is generally limited, so storing videos there is a bad idea. Also, unless you're integrating your own video player, you might have issues trying to get the phone to play videos in your private folder.
To speak to the security issue, I'd suggest trying to keep them on the sd card, and experiment with either encrypting them, so they can't be read raw from disk, or (possibly) experimenting with file permissions, although I doubt the latter would work.
To do the encryption, I'd download the video, encrypt it and save it to the sd card. When you want to watch, decrypt and temporarily save to local storage for viewing. Not sure what kind of performance that will get, though. Plus, if you're relying on the OS to play your videos, you could have the same permission issues mentioned above. Depending on how critical this all is, you could explore something where the file/folder structure is obscured, so getting at them manually is more complex. Won't prevent all grab attempts, but will deter casual users.
i'm writing an application that needs to store some data,and picture. For example place's information. this information don't need to change very often. and
I have seen that databases are
stored under /data/data/package_name/databases
I decided to store my data under /data/data/package_name/files.
With the emulator i can see all these files (databases)
under the proposed directories but moving the application on a real
device and installing a file system browser i cannot see any file
under /data. i know that there are some security constrain in (not-rooted) device. However, are there any suggestion about the solution.. where can i store these data and how? because i'm quite new to android. Thanks so much for your help.
The reason you can't see it on the device is basically just as you said; the device isn't rooted, so other apps don't have access to the /data folder.
This is okay though, because you can still store your files there. Your app has access to anything under /data/data/package_name/, you just won't be able to see it in a file browser unless you root. This is normally a good thing, to keep average users from mucking around with your databases/files.
Read up more on storage methods here.