I have an android application that helps users to read some books , it is in pdf format.When users choose a book from a list , that book just downloaded from the server and users can read it.
I want to prevent users from copying the pdfs from the app. is it possible?
Help is highly appreciable
Thanks,
As soon as you decypher the pdfs on the device, it means the device owner has the code to decrypt pdf files. A good and motivated hacker will always be able to find that code and decypher the books. There is no solution against that.
Nevertheless, piracy and anti-piracy is some kind of nuclear weapon race, so do you best to make things more difficult for hackers, use several custom encryption schemes for instance. Also you can consider using KeyChain to store your decyphering keys : http://nelenkov.blogspot.fr/2012/05/storing-application-secrets-in-androids.html
But still, a good hacker with time would find a way. Also, if you are looking for some legal answer more than a technical one, your licence should explicitly prevent people from decyphering the files.
Simple method is you can convert it into a byte array, encode it base 64, and store it in shared preference as a string. when the user opens it, you can decode and display
It will be illegal from the case of copyright. you can do it using free books or pdfs.
Related
I know, that I probably could try to learn everything about databases, but my way of learning is to get first push/hint from pro's and then try to figure out the rest. It narrows down the amount of things to learn at once. So far it works for me.
Long story short- my goal is to create Flutter app for iOS and Android, that can store pictures(preferably converted to PDFs- I'll do that later) and some user entered data about these pictures/PDFs.
Later the app needs to work with this entered data(sort, use, display, etc) and the app should store all of those images.
Ideally, if in future all of the data/pictures could be stored on cloud and accessed from multiple devices/app accounts.
What type of database could be most suitable for these purposes?
This is the first time for me to work with databases, so don't judge me too hard, please :) I just need a direction in which to dig.
P.S. my one goal is to build prototype-app and after it is proved that it can achieve its goals, hire pro developers to do the updates un polish everything.
Thanks in advance.
I would advise you to store your images in a directory structure decided by you. Then you can store the path to these files (along with any other data) in the database.
I have an app on android. I use facebook keys,twitterkeys on my strings.xml file.
I use proguard. But when a man which want to see real code, decompile myapp , yes it is complex because I use proguard. But my strings value is seen. Is it a securty problem. I want to hide them or how can I encrypt them.
thanks
As far as I know only possible way how to achieve your goal is to physically check every user. It could be some kind of form which user has to fill with some personal data so term "physically" is maybe not the best choice here. I guess you could do that semi automatically.
Other methods are just slowing down the reverse engineer and making his life harder.
If you have the controll over your users (for example if your app is for some company employees only), you can control people who download the app by providing password secured download site and provide that password only to company employees by mail or some other way.
But after all - every secure user can be the bad guy who provide apk to some reverse engineer, so you will be never 100% safe, until .apk format change in some way.
create one encrypted file with your text data and store in assets & read it from assets by decrypting it , is one of the better solution
I'm currently developing an Android game which saves data into a SQLite database. This is not really "sensitive" data, but I don't want users to be able to modify it (for obvious reasons of game balance, as it would be cheating). And it's quite easy to access and modify a SQLite db when your phone is rooted (there are plenty of applications for that in the market).
So should I even worry about that, or consider users with a rooted phone can do whatever they want including cheating and that's their choice? Or could I somehow encrypt the data I don't want them to modify, or add a MD5 checksum or something similar?
Another approach would be to abandon SQLite altogether and use some kind of binary files with game data.
Please let me know if some of you already encountered similar issues, and what are the approaches you followed, as well as the "good practices" in the Android gaming development community.
Thanks.
Root access for everybody and security are mutually exclusive.
Any application or user with root permissions can read and modify each and every file on your system, as well as all of the main memory. That doesn't leave many places to store a potential encryption key for the database.
You could hide parts of the key in the executables, configuration files etc, but everything you could come up with would be nothing more than obfuscation and security by obscurity.
If a user opts to grant root access to everybody, that's their decision, and it's not your job as an app developer to prevent any harm that might be caused.
Update:
Storing API keys in Android, is obfustication enough? is a pretty similar issue - it's about protecting API keys, but it's the same situation with regards to your options.
sqlcipher for Android might help here.
https://guardianproject.info/code/sqlcipher/
I think based on your requirement the best method is using consistency of data,
for example MD5 the score and time, then put score and time and MD5 in to the table, then every time wanting to use that row of DB check the MD5 of the score and time if the one in DB and the one which calculated are same, the row is consistent otherwise it was hacked!
You may find your happiness on Preferences Files Look here
I need to find a way to encrypt/decrypt an images in Android.I'm new in Android programming and never been encrypt/decrypt on any other platform,so please provide me a good example,because I need to learn how to do it.I'm working on a project which needs to encrypt/decrypt images.I'll be really happy if you can help me about this.
Thanks anyway!
You can take a look at this Stackoverflow Encryption Accepted Answer
Keep in mind that this is probably going to take a lot of time to encrypt/decrypt images. You also have not set any security standards (how secure must this be) so it's hard to give an authoritative answer
Update
After your comment here are a few more things to think about. Typically faster = less secure. Are you really trying to secure the images or just make them unavailable to unauthorized users.
For instance do you only want the images to be viewable on an authorized device or are you worried about them falling into the wrong hands?
I had a problem where the images should only be shown on a device that was an authorized account, that was fairly easy to solve, a unique ID associated with the users account was used to encrypt the data, so each user had their own (unique) key on the device and on the server, encryption was done on the fly on the server side. I also only needed to encrypt part of the data (header - first 4096 bytes) to make it unusable, I wasn't trying to keep the NSA from decrypting the images, just keep them from being easily decrypted and passed around.
So that was fast and secure enough, this is why I am suggesting you figure out what you are trying to do and protect against before picking a implementation plan.
I m designing a big android application, where there are XMLs to store temporary data, images captured by camera and other details. Which is the best way to protect them from outer access from phone or from PC. XMLs can be encrypted. And images too, however there are times when they need to be accessed very often and encrypting-decrypting is very heavy operation. XML encryption is manageable but images cause memory problems. Is there any alternative way, something at folder level ?
Ok, so the "enemy" is the malicious user? If that's the case, there is very little you can do, especially on a root-ed phone. Essentially, since your application is the guest here, you can't really prevent your host from kicking you out.
However, there are a few things you can do to deter them from doing so. You can encrypt the XML and image, but as Macarse raised, the decryption key would have to be on the apk itself or if you contact a server to get decryption key, it is possible for an advanced attacker to spoof a request which your server wouldn't be able to distinguish with real key requests. I'd go against asking the server, it's too much hassle with little gain.
Another you can do is to devise a proprietary image format, then no standard image editing tools can edit the image. However, an advanced attacker could still reverse engineer your image format, and write a converter to a standard image format.
The third thing and most realistic you can do is to just not store the image on the phone. When you take a snap, then immediately send it to the server, so you wouldn't need to mess with securely saving the image. An attacker can still intercept the network traffic as it is being sent or they can tamper your apk(!) such that the program would save a copy of the image to the phone. You can probably do some self-authenticating apk, but that's usually much more hassle than it's worth.
In short, there is little you can do against your host. It all depends on how valuable is the data you're securing, and how likely someone would spend that much time on trying to break your security, to get to the prize.
I'd say, just encrypt the image using a locally stored decryption key, unless you have a real reason to suspect that someone would spend their time to reverse engineer your code.
There is not such a secure thing to do with assets.
If you store stuff on res/raw it can be read by other applications on a normal phone but yes on a rooted one.
If you encrypt data, the decryption key will be available in your code. Easy to get it having the apk and apktool.
Perhaps you can do some of that but also obfuscating the code (Android developer guides recommend ProGuard).