I would like to give some kind of protection to my files either stored in SDCard or in application sandbox. Currently I am using Cipher to encrypt or decrypt any file. Problem with using Cipher is time. It takes lots of time if file is large. Like currently I am encrypting a video file which takes more than 4 minutes to decrypt. I want to know that Can we apply some kind of password protection to file without encrypting ? If anyone knows how can we do that, please let me know.
Short answer is NO. That is not possible. File is on SD card stored as "array of 1 and 0" so each program can access SD card and read your data. Encryption is best way to keep your data secret.
Related
I would like to make video/audio/pdf files hidden inside Internal/External storage in Android. Our requirement is making the files visible only in our Android application but not any other apps like Es File Explorer and not even when connecting the device to Desktop/Laptop.
I have googled it a lot and found the following ways but with few disadvantages.
Creating folder/file with prefix "." - It has the disadvantages that we cannot prevent it to be visible in some File explorer apps with the option "Show hidden files" and we cannot prevent the files from getting displayed when connected to Desktop/Laptop.
Storing the files inside App specific folder - Storing large memory files in the path returned by android.Content.Context.getFilesDir() will lead to the poor performance of the device and most of the devices will not have large internal memory size.
How to overcome the disadvantages and make our application to meet the requirement ?
Well hiding files to user accessable storage is not recommend without encryption.
Youtube,Gaana, saavan, hotstar all these media related apps used to encrypt their data and stores in data location which is visible to users but they can't share or use in other ways as the data is encrypted.
You can use CipherOutputStream and CipherInputStream for encryption and decryption of file in android.
There are two ways through which you can achieve your goal
Download a file and encrypt it, when you want to play that file decry-pt it in a temporary file and play it which I not recommend as it can increase the chances of data grabbing.
if you want to play encrypted file on the fly (not decrypting it in a temp file) then you can use Libmedia library. It streams encrypted file on local host and play it from there
Original answer : https://stackoverflow.com/a/35426842/9565955
Your first proposed solution won't work since it would make files accessible to anyone.
Second solution is perfect if you have limited file sizes. In case of large memory files it is always better to store them in External storage. But this would make it publicly accessible. To prevent that you can encrypt the files and store them in external storage.
Some suggestions while doing so :
Randomise the filenames so won't be easy to guess.
Refer this for simple file encryption.
Do not use static key for encryption as it can be reverse
engineered. Use different key for every file.
Do not store the original key in db/shared preference. Store the
hash of it instead.
You can even hash the key n times and then store in db. This would
make procedure a bit slow but provides more security as one has to
know the exact value of n to get the original key.
For added security you can even consider using Android's KeyStore to
derive the IV.
I am writing an app for my final year project, so it's more so for proof of concept so it doesn't have to be the best app in the world.
It is like a file locker app that you can add and remove files from the app and when they are stored they will be encrypted. There will be a login of some sort for the user to enter and be verified on a DB.
I am still a novice in android so I still have a way to go, but I am getting there!
I was thinking when the file (which could be a doc, pdf, jpg, video file etc) is added to the app it would be stored in the internal storage (from what I have read it seems to be the best place to store app related content) and a record of the name and file type would be added to the DB and also the encrypted file name. So when the user looks at the app they will see a thumbnail of the pic and the file name, kinda like the My Files app shows up files within a folder.
My question is it best not to store the file directly into the DB but just use the DB as a reference with the file details, if so how could this be done?
Also I was thinking that an AES 128bit encryption method would be best suited for this. I have tried a couple of encryption examples but have only been able to do this with a txt file, when i tried it with a jpg the app just sat there and did nothing. It showed the encrypted and decrypted jpg but this was not viewable.
Would anyone be able to suggest a good way of encrypting any file type that would suit for my app?
Any help would be greatly appreciated!
Cheers,
Owen
If you want to do this properly, here are a few tips:
Don't store files in the database, unless you know in advance that they're going to be really titchy. Store them somewhere else, with a reference to them in the database.
The best place for them if they're smallish is internal storage in the app's private file space. But if you want to be able to store encrypted arbitrary data then you'll need to hit external storage.
Don't store the decryption key!
Ideally, you should find a way not to write the file anywhere when you decrypt it. That might not be possible, though, if you need to open it in another application afterwards. If you write the encrypted files to external storage, you should at the very least write the decrypted version to internal storage where there's some operating system protection against other apps reading it. If you write the decrypted file to external storage, anything will be able to get at it.
AES with a 128-bit key will do you fine.
I want to store media files in an external storage creating a folder . The folder is secured using a password and accessible by my app only. The user is allowed to create its own password. Any suggestions how to do this??
I don't think your approach is possible. Maybe you should think about encrypting the file contents, so that only your app will be able do access the actual content after decryption.
Encrypting files is not a solution! This only creates potential file loss and problems later. Also, it is slow and you rely on the app that encrypted the files to unencrypt them later. What if that app dies or is not longer available? You have lost your files.
External storage such as the SD card has no permissions associated with it. The closest you could do is to store your data in some encrypted form and as per requirement you can decrypt it also.
This is the link for how you can encrypt and decrypt your file.
is it possible to encrypt the sd card folder r not please help me
if it possible , what is the processor of encryption and decryption
not possible , let me know what can i do for folder security in android sdcard
My file is here :/mnt/sdcard/image1.jpeg.
So How to encrypt this file in android please help me
and Android encryption support MBs r not
is it possible to encrypt the sd card folder r not please help me
Only by modifying the operating system and creating your own custom ROM.
not possible , let me know what can i do for folder security in android sdcard
If your objective is to allow the user to defend against other people stealing the user's data, you can encrypt individual files as part of how you store them. For example, you could use SQLCipher for Android to encrypt a SQLite database that you put on external storage.
If your objective is to hide data from the user, that is implausible. Your encryption algorithm and key will be in your app, which anyone can examine and use to get at the encrypted data. If you do not want users having access to certain pieces of data, do not put that data on the user's device.
Yes, you can encrypt and decrypt the files and folders in your sd card using java libraries. You can implement through javax.security package.
Below is the sample of Encryption and Decryption in java
Example 1
Example2
Example 3
Example 4
Take a Look at this Example
I want to save some files on SDCard which will be downloaded from net. The user should not be able to have direct access to it. I mean the file should be secure and it should not be transferred to other device and if its transferred then it should not be in readable format. Is there a particular directory on SDCard where these files can be saved and be secure too? Also this files should be automatically deleted on uninstall of the app. I guess there is a direct way of that in Android 2.2 but not below that. So, if someone has any idea of doing that then please let me know.
Encryption. If you're concerned about the user reading a file that's the closest answer you'll find -- but you need a secure way to store the decryption key also, which is not really attainable.
Realistically, anything that must not be viewed by the device owner must not be on the device.
If the files are in the physical possession of a dedicated user there is no practical way to make them impossible to copy. You can make them DIFFICULT to copy, but not impossible.
If you use encryption as #mah pointed out, and then don't store the key on the device: fetch the key from a server, retain it in memory and never write out the decrypted file or the key to disk you might be ok in deterring the casual pirate. The dedicated souls will figure it out.