I want to develop an application which lets user protect their files / folders . It is very much the same as existing apps where user can select the files to be hidden and those files can be accessed only from my app which is password protected.
I got enough resources about the encryption algorithm.
Here my doubt is :
where should i keep my encrypted files. It should be within my app folder. But this folder if i create on phones internal storage, will that not lead to memory restrictions. My app let user to add images / videos or any other file to protection. If i keep the folder on the sd card, the questions are it will restrict app to be run on only mobiles with sd card . Also the content of sd card can be accessed by others ( i am right here ? )
The next doubt is that i see most of those apps i see if i remove protection it is restored in its previous folder. How is it achieved . Is it like keep mapping table an duse that to restore ?
Please help me with answers for my questions. Thanks a lot for your time and help
According to my investigations of the same problem, there is no built-in encrypted storage in Android system. Hence, I'd recommend you following approach:
Encrypt file content with any algorithm. See here(1), here(2) and here(3).
Use MODE_PRIVATE when creating file with, for example, openFileOutput(String, int)
Related
My requirement is to cache the files securely in android internal/external storage, where apps other than my app should not view/access the documents I store.
Current implementation:
Currently, the app uses context.getExternalCacheDir() as a base directory and followed by respective folder structure to cache files. The problem here is, any user can view the files stored by just navigating through the path using some File Explorer apps.
We can use context.getCacheDir() or file directory,
There are limitations in using it, as it has less space and the platform might automatically delete files when it wants space for other operations.
Required Implementation:
Encryption/decryption would be one way yet, please suggest other possible ways to cache the files securely, so that users cannot view/access using other external applications.
as it has less space
That is not true for most Android devices created in the last 8 years.
the platform might automatically delete files when it wants space for other operations
That also holds true for getExternalCacheDir().
please suggest other possible ways to cache the files securely, so that user cannot view/access using other external application
Use getFilesDir().
I would like to make video/audio/pdf files hidden inside Internal/External storage in Android. Our requirement is making the files visible only in our Android application but not any other apps like Es File Explorer and not even when connecting the device to Desktop/Laptop.
I have googled it a lot and found the following ways but with few disadvantages.
Creating folder/file with prefix "." - It has the disadvantages that we cannot prevent it to be visible in some File explorer apps with the option "Show hidden files" and we cannot prevent the files from getting displayed when connected to Desktop/Laptop.
Storing the files inside App specific folder - Storing large memory files in the path returned by android.Content.Context.getFilesDir() will lead to the poor performance of the device and most of the devices will not have large internal memory size.
How to overcome the disadvantages and make our application to meet the requirement ?
Well hiding files to user accessable storage is not recommend without encryption.
Youtube,Gaana, saavan, hotstar all these media related apps used to encrypt their data and stores in data location which is visible to users but they can't share or use in other ways as the data is encrypted.
You can use CipherOutputStream and CipherInputStream for encryption and decryption of file in android.
There are two ways through which you can achieve your goal
Download a file and encrypt it, when you want to play that file decry-pt it in a temporary file and play it which I not recommend as it can increase the chances of data grabbing.
if you want to play encrypted file on the fly (not decrypting it in a temp file) then you can use Libmedia library. It streams encrypted file on local host and play it from there
Original answer : https://stackoverflow.com/a/35426842/9565955
Your first proposed solution won't work since it would make files accessible to anyone.
Second solution is perfect if you have limited file sizes. In case of large memory files it is always better to store them in External storage. But this would make it publicly accessible. To prevent that you can encrypt the files and store them in external storage.
Some suggestions while doing so :
Randomise the filenames so won't be easy to guess.
Refer this for simple file encryption.
Do not use static key for encryption as it can be reverse
engineered. Use different key for every file.
Do not store the original key in db/shared preference. Store the
hash of it instead.
You can even hash the key n times and then store in db. This would
make procedure a bit slow but provides more security as one has to
know the exact value of n to get the original key.
For added security you can even consider using Android's KeyStore to
derive the IV.
My android app download several files from app server. Users have to buy these files. So, i need to hide and encrypt these files, so that users cannot play/view these files, or they cannot delete/transfer these files. What are my options here?
check out this link: Storage Options
I would give a try for SQLiteDatabase keeping files as bytes (BLOB column type) or caching in internal storage
You may also keep files in external storage in hidden folder (name starting with dot, e.g. .hiddenFolder) if you are encrypting data, but note that every app can be decompiled and all methods/ciphers may be visible then (key fetched only from server without keeping localy?) and access to external storage (e.g. SD card) is easy when folder name is known (or intuitive, or get from decompiled source)
Put those files in internal memory. No need for encryption then. Only if the device is rooted you are out of luck. Then you need encryption there too. Putting the files in a database unencrypted will fail on a rooted device too.
The idea is that.
My application allows user to listen to music and watch videos from the social network. User can save these files in cache to be able to play them offline. This data is saved to SD-card and can be accessed by file managers e t.c.
I want to limit access to these files to other application. The most obvious solution is data encryption.
Can you please recommend me some libraries or frameworks for quick file encryption/decription? It is very desirable to encrypt files "on the fly" during the are loading.
Would this procedure be too slow and resource intensive?
May be there exist some other ways - protected folder in the SD filesystem or something like that?
Yes there is a more standard way to do this.
By using openFileInput on your Context and setting the MODE_PRIVATE flag, you will be able to create files and even folders within your application. Also, these resources will be completely private to your application.
EDIT :
Most of the time, these files will be stored in /data/data/<app_package_name>/files. That is, on the phone memory most of the time, although this is implementation specific.
Regarding the comment of #Carlos mentionning file spamming, yeah you can flood the NAND with multiple files, but /data will be in most cases mounted on a dedicated partition. So you'll be hitting the virtual size of the partition at some point. Please look at this post, the accepted answer gives more details about this.
In fewer words, this is implementation specific (depends on the manufacturer).
Your only option would be to use Encryption, if you want to keep using the external storage. SpongyCastle can help with that. It is an android version of the BouncyCastle APIs.
Apart from that, you could move your files to the internal storage, which may not be feasible in your case as media files tend to be big, and internal storage on most devices is very limited. Even if you do move them to internal storage, any rooted user can access them (or any app with root privileges).
Protecting the folder isn't an option, as anything on the external storage is available to any app with permission to access the external storage. There is nothing you can do about that.
I read this sentence, form a book
"Files: Files internal to applications, which you can store on a
removable storage medium"
and I am confused, well I expect that "Files internal to applications" saved from my app that will be accessible only from my app. and that is true when you save them internally in the phone memory.
But as the sentence says , you can save files to the sdcard also. And that is great but I think that everyone with 'external storage read' privilege set in the manifest will be able to read your file, so that doesn't make it internal to the app, it makes it publicly available to everyone.
My question is:
Is there any way to store the files in the 'removable storage medium' -> sdcard and those files to stay available only to my app, others application to be prevented from reading the content ?
I know that if you put files in data/data//files these files are only available to the app with that package name
It is possible . For that you need to encrypt the data with some private key and write to SDCARD, when ever you want to process that data you have to decrypt it . So another app can't access your data without decrypt it.
Android Encryption Example.
store the files in the 'removable storage medium' -> sdcard and those files to stay available only to my app
I don't think so, For sdcard it is not possible.
The one way is store encrypted file in sdcard and key for it is you can put (keep) in your application's shared preference in private mode and decrypt the file from your application when you want to read it. But I think it some ugly way.