I have some sensitive content data that I provide with my Android application and this data (almost say 1 gb of it) is stored on an SD Card. I want to prevent users from using this card in other places other than the tab itself and reading/copying content off it on a computer or another tablet. I've thought about encryption mechanisms but for the amount of data I have these are very slow and not an option. Are there any hardware settings I could change or file data formats I could use to achieve this? Basically when I remove the card and put into another device I should not be able to copy data from it unless say I have a Pin number or some security mechanism. Most of the content is either pdf files or mp4 videos and I need a sort of software/hardware DRM mechanism.
I haven't done anything of this sort, but THIS might be your best bet.
If you can't implement an online service for your content, you could try creating a proxy local service which will handle the DRM Info Requests for you.
Related
I have read the various question but couldn't get mine answered so I am starting this thread.
I have a requirement where in I'll get some secure data on SD cards. The app users will just plug in the shipped SD card and they should be able to access the content.
But we need to maintain the Digital Rights i.e. the data on the SD card should be only accessible to my application. No other application should be able to read this. Also, once the user license expires, the data will be wiped off.
Just wanted to add. We will be providing the device along with the application. So, we have control over the hardware.
So my questions are:
How to keep encrypted data[videos, text files, pdfs etc.] on SD card
How to restrict any other application to access this data
If the user breaks the root of the device, can I delete the
application and the data on the SD card?
Can any MDM help? I am open to suggestion. Are there any opensource
MDMs available?
I'm no expert in this area, but in my view:
1) Just encrypt it with a key only your app knows (ideally use a different key per install).
2) You can't, although if it's encrypted no other app can make sense of it.
3) No. The user could always plug the SD card into another device or PC card reader and copy it.
Victor - thank you (and the others) for the endorsement of my comment, hence this answer...
I'm looking for a solution (possibly implementing it) that would allow me to create a cache on my SD card (say, 25G) which would be used by some "caching layer" to store media on demand. The issue being that all of my media doesnt fit on a 32G SD card, so I want to be able to transparently have my missing data downloaded (ie: I dont want to have to download using another app) while I am attempting to play it in the stock media player or the Gallery or whatever. Does anyone know of an existing solution like this? I'm already familiar with the various dedicated apps out there which do this for music, but I'm looking more for a generic cache which caches anything that passes through it on an LRU basis. I want my NAS at home (or on S3, dropbox, Ubuntu One, whatever) to be an extension of my Android device(s).
If one doesnt exist, is it possible to chain ContentProviders? Could I create a CacheProvider which keeps track of what is currently in my cache and what isnt, and use the URIs from the CacheProvider to populate the MediaStore? All examples I can find so far show that what comes out of the MediaStore is always a URI to a file, so I suspect its not currently possible.
After a little POC, it appears that this is not possible using ContentProviders alone. While it is possible to chain providers together if you override ContentProvider.openfile(), since the MediaProvider currently assumes that everything in _data points to a file or an HTTP stream, the Music app will fail to play any content which sticks another content URI into _data. If MediaProvider were changed to handle content URIs then this would be possible, but I think the only way to achieve that would be to copy/paste the MediaStore framework and rename it all, or to do the change in a mod (like CyanogenMod).
I am downloading files from a remote server to be saved for use on an android device. These files are mostly images and audio but I would like it so that a user cannot access this data using methods other than the app.
The issue is that these files could be large and that's why I use external storage. The problem here is that users can access the data stored on external storage by hooking the phone up to a computer.
Apart from using internal storage, do I have any options to secure the files written to disk?
If I do have to use internal storage, are there any other disadvantages other than the fact that some users might have a small amount of internal storage?
Thanks for your time! Any help will be much appreciated! :)
EDIT 1 :
The data being downloaded is paid content (via In App Billing). This is why I'm concerned about restricting access.
EDIT 2 :
I am already adding a "." before the folder I'm saving my data to. I'm more concerned about 'power' users who would know to look in hidden folders.
Seems like you are populating app's cache from web. It is always recommended to use external storage for such purposes because some users may not have enough internal memory to accommodate this.
Since you downloading includes images and audios, i wouldn't suggest you to use encryption/decryption as it will slow down the app's processing. So there's nothing much you can do to secure your data if you want to put on external memory and skip its encryption.
I personally don't think any harm/disadvantage to leave such data as it is (not encrypted). But if you have some of the files important, perhaps you may perform encryption on those particular files only.
I'm developing an app that would have an In-app purchase and download Videos from my server and store them on the device.
The problem is, the Videos are paid videos and are to be maintained in a highly secure place inside the app itself.
What are the possibilities of doing it? I had a look at setting android:exported="false", but it just restricts other apps to access my app's data. But how do I store the videos in a place which are restricted to be viewed by default even when connecting the device to a PC?
Are the apps allowed to store data in the device's \data folder? If so, please tell me how!
You can store files in your app's data folder, and as long as the phone isn't rooted, only your app should be able to access them.
However. The local storage on phones is generally limited, so storing videos there is a bad idea. Also, unless you're integrating your own video player, you might have issues trying to get the phone to play videos in your private folder.
To speak to the security issue, I'd suggest trying to keep them on the sd card, and experiment with either encrypting them, so they can't be read raw from disk, or (possibly) experimenting with file permissions, although I doubt the latter would work.
To do the encryption, I'd download the video, encrypt it and save it to the sd card. When you want to watch, decrypt and temporarily save to local storage for viewing. Not sure what kind of performance that will get, though. Plus, if you're relying on the OS to play your videos, you could have the same permission issues mentioned above. Depending on how critical this all is, you could explore something where the file/folder structure is obscured, so getting at them manually is more complex. Won't prevent all grab attempts, but will deter casual users.
I want to set read-only permission on external micro-sd card programatically, and user should not be able to access it form phone menu too.
or Is there another way to hide that, because client have a video folder which is played by only subscribed users, therefore i want that folder is either read-only or hidden for other users.
plz help .
That is not a sensible way to accomplish what you are trying to do. You should be storing the data encrypted and decrypting it strictly in your application. You will never get any kind of 'hiding' to work right.
You can't get any kind of this, So if possible store the video in internal storage (but if device can rooted then also user can access it), or store in a web server and at a play time play from web. And only option is as per David Schwartz suggested do encryption/Decryption for it.
It's not a reasonable way to say that I have some of my apps data in an sd-card, so no one else should access that!, Better try some alternative like encrypting your data, so that even if someone accessed, they must not be able to read it!