Currently I am working on an app which has files stored in the res/raw folder.As I understood, these files are only readable but not writable?
My problem is that I need to change this files, when someone puts in a serial number, so that certain functionalists will be activated.
Also I do not really like to put the files as public on the SD card, since the users should not be able to get the content of these files.
How can I achieve this problem?
First thought would be:
The serial number and other settings information I am storing in the shared preferences...
Also my question is, are the shared preferences accessible for the user, so that he can see, change those settings by himself?
If not then I could store the information to activate the functionalists in there.
Does anyone has some other suggestions?
Related
I am writing an app for my final year project, so it's more so for proof of concept so it doesn't have to be the best app in the world.
It is like a file locker app that you can add and remove files from the app and when they are stored they will be encrypted. There will be a login of some sort for the user to enter and be verified on a DB.
I am still a novice in android so I still have a way to go, but I am getting there!
I was thinking when the file (which could be a doc, pdf, jpg, video file etc) is added to the app it would be stored in the internal storage (from what I have read it seems to be the best place to store app related content) and a record of the name and file type would be added to the DB and also the encrypted file name. So when the user looks at the app they will see a thumbnail of the pic and the file name, kinda like the My Files app shows up files within a folder.
My question is it best not to store the file directly into the DB but just use the DB as a reference with the file details, if so how could this be done?
Also I was thinking that an AES 128bit encryption method would be best suited for this. I have tried a couple of encryption examples but have only been able to do this with a txt file, when i tried it with a jpg the app just sat there and did nothing. It showed the encrypted and decrypted jpg but this was not viewable.
Would anyone be able to suggest a good way of encrypting any file type that would suit for my app?
Any help would be greatly appreciated!
Cheers,
Owen
If you want to do this properly, here are a few tips:
Don't store files in the database, unless you know in advance that they're going to be really titchy. Store them somewhere else, with a reference to them in the database.
The best place for them if they're smallish is internal storage in the app's private file space. But if you want to be able to store encrypted arbitrary data then you'll need to hit external storage.
Don't store the decryption key!
Ideally, you should find a way not to write the file anywhere when you decrypt it. That might not be possible, though, if you need to open it in another application afterwards. If you write the encrypted files to external storage, you should at the very least write the decrypted version to internal storage where there's some operating system protection against other apps reading it. If you write the decrypted file to external storage, anything will be able to get at it.
AES with a 128-bit key will do you fine.
I have a simple application that should handle (display, play...) data downloaded by users. I.e. when the user downloads the application (for free), it is empty, or filled just with some sample data, but then the user can download the actual content of their preference (and potentially pay for it via Android billing system). Each item is a folder with an xml file plus several sub-folders (such as audio and images). In the development phase the data are stored in the assets directory.
The payment itself is not a subject of the question at this point. I am actually interested in the following:
where can I store the downloaded data in the phone so that it would be accessible for the application but so it could not be copied manually by the user (for example to another phone). It would be ideal if I could store the downloaded data in the assets directory but I'm afraid once the apk file is generated, assets are "locked" and cannot be easily extended (or can they?) If I store them on the phone's card (or in the built-in memory), they will be accessible by other applications such as media player or galleries, too, won't they?
it would be great if I could download the package as a single single file - is it possible to upack it by an built-in method and store it as a folder with upacked (and thus readable) sub-folders and files?
when the application is downloaded, it is an apk file. Therefore it should be possible to have the sample data (i.e. downloaded with the application) at the same location as the data that will be downloaded later. How can I ensure this.
the data can be pretty large and therefore it is not an option to have all of them included in the assets folder immediate after the download and unlock it on basis of the user's actions
once the data are downloaded, they must work off-line (i.e. the user must be able to display them without internet access; thus it is not possible to check identity of the user on the server - they can simply display anything they have previously downloaded)
Example (for clarification purposes): have an application able to display recipes. It does not contain any or just a few after installation. You should be able to download recipes (one by one) from a server (each having a certain file structure stored in a seperate directory). Once they are downloaded, they become an integral part of the application and always accessible for the user even if the use the airplane mode of their phone.
Hope it makes at least some sense (I can clarify the question further if it doesn't). I've found several tutorials on how to work with data stored in assets and on how to handle data on an sd card but none concerning this particular topic.
you may store your date in your application data folder, basically it's available to your application only. if you want to prevent your data to be copied to another phone, generate a random UUID on the first run, and then use it to encrypt your data stored in the data folder. another phone will have different UUID and different encryption key, making it pointless trying to copy encrypted data. you may even use non-symmetrical encryption and send your generated (public) key to the server and have the server to encode your data and send it back in encrypted form, thus preventing your data to be exposed at all.
the assets/ folder is generally read-only, you may put your data there only during the build step.
make your file a .zip file -- these are compact and you may easily read files and folders and whatever you need using java.util.zip.ZipFile
sample data goes into assets folder, you may copy it out to the data folder on the first run.
once you download the data and save it to the device, i don't see any reason why your application won't work offline
I have files that I want to save so they are not accessible by other applications and that are safe from updates (won't be deleted).
My Problem
I am not sure where to save them. I know that I can save them in the data directory using the below code to get the path but I'm not sure if this is correct.
Environment.getDataDirectory();
My Question
Is the applications data directory the correct place to store my data or is it meant just for system data?
If it isn't the correct place, could you suggest where is?
Thanks in advance
I'm sure you have already come across this
http://developer.android.com/guide/topics/data/data-storage.html
In that you see Internal storage is usually a methodology which helps in achieving what you asked for. Yes you can use the function which you have shown
or
(OWNERACTIVITY).getFilesDir().getAbsolutePath()
should give you the location where data for the application gets stored.
If you are keeping files in SD card, all applications (with android.permission.READ_EXTERNAL_STORAGE) can access the data. The best place is is keep them in your data directory. Your application can access the data as long as your package name and certificate is not changed. If you want to store some files like images and audio, you can store them in SD card in a directory with .nomedia in it. But if you want to keep some data files, checksums etc, it is better to keep them in data directory. Even if you update your application, you should still be able to access it.
YOu can read more here
I have a project consisting of four programs for different platforms; all of them use the same XML-based settings file format. I want to be able to manually modify/overwrite it outside of the application. On Windows, Windows Mobile and Linux I'm using "user.home", but on Android that alias isn't implemented. I'm thinking about simply putting it in the Downloads directory, however, that doesn't feel right.
I can't be the only one, who needs that kind of functionality. Or this isn't Android-way? Any suggestions are appreciated.
EDIT: I'm OK with the settings file not being available all the time (i.e. SD-card removed), it's used only on the start-up of the application.
Store it in getExternalFilesDir(). This would work only if the device has an external storage. The user would be able to access it.
However, take note of the following from the docs:
External files are not always available: they will disappear if the
user mounts the external storage on a computer or removes it. See the
APIs on Environment for information in the storage state.
According to Android data storage documentation you have 5 options:
Shared Preferences. By default this will use file /data/data/your.package.name/preferences/user_preferences.xml
Internal Storage. Here you can use something like /data/data/you.package.name/user.home
External Storage. Similar to internal storage /mnt/sdcard/Android/data/your.package.name/user.home, but if user removes memory card file will be inaccessible.
SQLiteDatabase. You can store the whole user.home file in a database blob.
NetworkConnection. Store user's config in a cloud.
I read this sentence, form a book
"Files: Files internal to applications, which you can store on a
removable storage medium"
and I am confused, well I expect that "Files internal to applications" saved from my app that will be accessible only from my app. and that is true when you save them internally in the phone memory.
But as the sentence says , you can save files to the sdcard also. And that is great but I think that everyone with 'external storage read' privilege set in the manifest will be able to read your file, so that doesn't make it internal to the app, it makes it publicly available to everyone.
My question is:
Is there any way to store the files in the 'removable storage medium' -> sdcard and those files to stay available only to my app, others application to be prevented from reading the content ?
I know that if you put files in data/data//files these files are only available to the app with that package name
It is possible . For that you need to encrypt the data with some private key and write to SDCARD, when ever you want to process that data you have to decrypt it . So another app can't access your data without decrypt it.
Android Encryption Example.
store the files in the 'removable storage medium' -> sdcard and those files to stay available only to my app
I don't think so, For sdcard it is not possible.
The one way is store encrypted file in sdcard and key for it is you can put (keep) in your application's shared preference in private mode and decrypt the file from your application when you want to read it. But I think it some ugly way.