I want to use an SQLite database in Android. I have few questions:
Is there a maximum size of database?
How secure is the data?
Where is the database stored?
How long will the data will remain on the phone?
Theoretically, it is calculated as 35 trillion bytes which should be way more than enough for your application because there's always limit to phone's memory. In short, you shouldn't be asking this question for a mobile app :)
If your phone is not rooted then the database stored in phone's internal memory is residing in the most secure storage area. Rooted phone does not offer any security to any file with in internal or external storage medium
If you don't provide any path, then the default/ideal location is phone's internal memory. And the file is placed inside data/data/package_name/database_file. This can be observed on emulator by exploring DDMS -> FileExplorer. If you save the file on other storage mediums, like sd-card, then of course it means you know where you are saving it :)
As long as your phone is functional and you don't wipe the app's cache, uninstall the app or do factory reset. No guarantees if you burn, crush, or spill water on your phone :)
Ok.. I will try and answer most of your questions..
1) Is the Data secure - Android stores app specific data in its app specific location and access is provided to only that application. So, we can say, its pretty secure, because no other app can read your app's data, unless access is provided to 2 applications having a same package name.
2) Location where db is stored - its under data\data\databases\packagename*.db
3) The data will remain on phone, unless the app is uninstalled / android crashes, in which case you would have to clear the phone cache and app cache, thus removing everything from android's inertnal phone memory.
Related
I'm new to Android and extremely confused about storage.
I have 4GB of internal storage on my Chromecast.
I plugged in a USB and formatted it as a storage device.
After that I enabled force push installs to external in the developer settings.
The drive name shows under the settings as USB Drive, however when I load File Commander App it's not showing at all.
When I used Termux and took a look at /mnt/sdcard/Android/obb to find a large OBB, it seems to be showing at exactly the same directory as /storage/shared/Android/obb.
So where exactly is internal storage and external storage?
How can I move files between them if I can't do so using File Commander?
In short, Internal Storage is for apps to save sensitive data to which other apps and users cannot access. However, Primary External Storage is part of built-in storage which can be accessed (for read-write) by the user and other apps but with permissions
Internal vs external storage is kind of a distinction that didn't go the way it was expected to go. I think originally it was meant to be phone storage vs SD drives, but it moved away from that. Now internal storage is special storage for an app held in phone memory. Its limited in size per app, but you should reliably be able to hold that amount. No other app can read this (unless your phone is rooted).
External storage is unlimited, but theoretically may be less reliable? You may also not be able to get any, if the device is out of space. But its not really removable anymore, so you can count on it staying there. It also is specific to your app and no other app can read it.
Then there's a few special folders in external storage anyone can access. Downloads, photos, etc. These work like external storage but data stored there can be accessed by other apps.
None of the app specific storage will show on file picker, because other apps don't have access. Unless you're rooted, in which case the rules can change. Or if you're using ADB and debugging.
As for where the actual folders are on disk- that can change depending on model. You can't depend on exact directory structure on Android. When you're writing a program that's why you use getFilesDir and getExternalFilesDir.
(If you're wondering why they still have a difference between the two- I don't know other than inertia. They've killed every difference between them, the little difference left may as well be killed to make programming simpler IMHO).
Is it possible to access the same local storage from a mobile app (ios/android) and a website? For eg, test.com stores value A in local storage and then would the mobile app be able to access this value?
HTML5 local storage API does not dictate the internal storage format. Therefore it will lead to ad-hoc code to use the internal storage format. Portability across browsers can be a problem because of lack of internal format specification. If your mobile app (native app) writes something to the local storage you should ensure the format is 100% compliant with the browser's internal storage format because you don't want the browser to be confused with the data when the browser has to read it. There can be surprises when both the browser app and the mobile app are running because both of them can update the data. Who wins if there are conflicting updates? How do you ensure data writes do not end up in garbled file in case both browser and mobile app happen to write data at the same time? How do you protect against such race conditions? At least HTML5 has no locking mechanism! Looking at all this complexity I believe it is not worth the complexity and the pain!!
I don't think your standalone web app will have access to the same data that you stored from the browser.
At least in the case of standalone app this data is stored in an sqlite3 db that is inside that applications internal storage folder so something like /data/data/com.your.package/databases/webdata.db I forget the precise name, but it's in a db there somewhere.
The browser I would assume does something similar but stores it inside of it's own storage area /data/data/com.android.browser/databases/. I don't think the browser or stand alone apps would take the time to go through all of the db's for every possible application on the phone to find the data. (if it even could, I think those files are actually private to the specific application on a stock device)
EDIT: The results are in.
No your app cannot access the key/value pairs that were stored from the stock browser (or any other browser for that matter). Nor vice versa, no other browser can access the data that your stand alone app stored.
I have read the various question but couldn't get mine answered so I am starting this thread.
I have a requirement where in I'll get some secure data on SD cards. The app users will just plug in the shipped SD card and they should be able to access the content.
But we need to maintain the Digital Rights i.e. the data on the SD card should be only accessible to my application. No other application should be able to read this. Also, once the user license expires, the data will be wiped off.
Just wanted to add. We will be providing the device along with the application. So, we have control over the hardware.
So my questions are:
How to keep encrypted data[videos, text files, pdfs etc.] on SD card
How to restrict any other application to access this data
If the user breaks the root of the device, can I delete the
application and the data on the SD card?
Can any MDM help? I am open to suggestion. Are there any opensource
MDMs available?
I'm no expert in this area, but in my view:
1) Just encrypt it with a key only your app knows (ideally use a different key per install).
2) You can't, although if it's encrypted no other app can make sense of it.
3) No. The user could always plug the SD card into another device or PC card reader and copy it.
Victor - thank you (and the others) for the endorsement of my comment, hence this answer...
I am downloading files from a remote server to be saved for use on an android device. These files are mostly images and audio but I would like it so that a user cannot access this data using methods other than the app.
The issue is that these files could be large and that's why I use external storage. The problem here is that users can access the data stored on external storage by hooking the phone up to a computer.
Apart from using internal storage, do I have any options to secure the files written to disk?
If I do have to use internal storage, are there any other disadvantages other than the fact that some users might have a small amount of internal storage?
Thanks for your time! Any help will be much appreciated! :)
EDIT 1 :
The data being downloaded is paid content (via In App Billing). This is why I'm concerned about restricting access.
EDIT 2 :
I am already adding a "." before the folder I'm saving my data to. I'm more concerned about 'power' users who would know to look in hidden folders.
Seems like you are populating app's cache from web. It is always recommended to use external storage for such purposes because some users may not have enough internal memory to accommodate this.
Since you downloading includes images and audios, i wouldn't suggest you to use encryption/decryption as it will slow down the app's processing. So there's nothing much you can do to secure your data if you want to put on external memory and skip its encryption.
I personally don't think any harm/disadvantage to leave such data as it is (not encrypted). But if you have some of the files important, perhaps you may perform encryption on those particular files only.
I'm trying to debug an android application's database on a real phone. Where can i find any individual application's databases on a real android phone?
Similar to /data/databases on the emulator i tried searching under the /data on my atrix, and i don't find anything under it and i would like to debug databases on the real device.
A second question is does the contact app stores the data at google servers (right / wrong). I beleive this would be the case, but was wondering if they also cache the contact databases in every individual phone to speed up access. please correct me if i'm wrong.
I believe the databases folder is still there on your real phone, but you don't have access to it due to permissions. Database files can only be accessed by the app that owns them so you can't browse all of them unless you have root access.
The contact app stores data on your phone's internal memory so that you can access it without an internet connection. Some android devices (e.g. tabs) do not have internet access, and it's possible to query your contacts list using these devices.