My group and I have an application that will work with protected content files that could (or not) contain pretty sensitive information. So we have to ensure they will not be copied by the user.
This question is specifically about the micro USB port. Is there a way to programmatically block it so that the user will be unable to mount trough it to copy our files?
Any and all help/counsel/answers are appreciated. :)
Additional Information:The application will be pat of a custom home application, so we will have that to out advantage, if that is any help.
There is no 100% safe solution for file storage. If you store the files on the SDCard they will have zero protection. If you store them on the internal filesystem you will be protected by file system permissions, which will generally prevent other apps getting to your files. But if the user roots their phone, nothing will stop them getting the files off the phone. Most phones can be rooted.
If you want to protect the sensitive information from your users, look for a way to store it on the network instead. If you only want to protect against other apps, for users that haven't rooted, the internal filesystem should be good enough.
The above are correct and to add, suppose you do disable the USB? Then I'll just Bluetooth them off. Ah, you disabled Bluetooth. OK, I'll use ADB shell over WiFi. Damn, you thought of that too. OK, I'll copy them with Root Explorer to my Dropbox folder. Wait, you got me, I'll email them instead...
You get the picture ;)
I am of the opinion that there is no totally secure file in Android. It's just a question of how difficult you can make it to lock out the 99% of "average" crackers.
Related
So, I want to read a very specific file from any connected USB OTG drive. It's a text file that should be stored on a USB stick and I need to read that file, which has a specific name, say myFile.txt. While I understand this kind of getting user input is dumb and not user-friendly, it's what I'm told to implement.
But my problem is, that there are many mount points for USB Drives. on my phone it's /storage/USBStorage1, while on my friend's it's /storage/[HEX_ID]. I tried to get all of them, but it's not possible. in Nexus phones it mounts on /mnt/media_rw/[HEX_ID] which requires root access.
I searched around a little and found SAF, but I didn't find anything on how to use it to open any file without user's direct selection. I don't want the picker to show up. I just want to check if [USB_OTG_PATH]/myFile.txt exists or not, and if it exists I want to read it.
And on a sidenote, do I need to have root acces to read /mnt folders (except media_rw)?
I didn't find anything on how to use it to open any file without user's direct selection
That is because there is no option for this.
I just want to check if [USB_OTG_PATH]/myFile.txt exists or not, and if it exists I want to read it.
That is not supported.
If your file is located in one of the directories returned by getExternalFilesDirs(), getExternalCacheDirs(), and getExternalMediaDirs(), then you can access it directly using normal Java file I/O. However, AFAIK, that directory needs to be created as part of running your app — another developer ran into problems trying to create the directories ahead of time. So, for your use case, this approach is unlikely to be practical, though with luck I am wrong and it proves useful to you.
do I need to have root acces to read /mnt folders (except media_rw)?
In general, yes, though in practice the answer varies by device, Android OS version, etc.
The idea is that.
My application allows user to listen to music and watch videos from the social network. User can save these files in cache to be able to play them offline. This data is saved to SD-card and can be accessed by file managers e t.c.
I want to limit access to these files to other application. The most obvious solution is data encryption.
Can you please recommend me some libraries or frameworks for quick file encryption/decription? It is very desirable to encrypt files "on the fly" during the are loading.
Would this procedure be too slow and resource intensive?
May be there exist some other ways - protected folder in the SD filesystem or something like that?
Yes there is a more standard way to do this.
By using openFileInput on your Context and setting the MODE_PRIVATE flag, you will be able to create files and even folders within your application. Also, these resources will be completely private to your application.
EDIT :
Most of the time, these files will be stored in /data/data/<app_package_name>/files. That is, on the phone memory most of the time, although this is implementation specific.
Regarding the comment of #Carlos mentionning file spamming, yeah you can flood the NAND with multiple files, but /data will be in most cases mounted on a dedicated partition. So you'll be hitting the virtual size of the partition at some point. Please look at this post, the accepted answer gives more details about this.
In fewer words, this is implementation specific (depends on the manufacturer).
Your only option would be to use Encryption, if you want to keep using the external storage. SpongyCastle can help with that. It is an android version of the BouncyCastle APIs.
Apart from that, you could move your files to the internal storage, which may not be feasible in your case as media files tend to be big, and internal storage on most devices is very limited. Even if you do move them to internal storage, any rooted user can access them (or any app with root privileges).
Protecting the folder isn't an option, as anything on the external storage is available to any app with permission to access the external storage. There is nothing you can do about that.
So I want to prevent people from copying files out of my app while it is running.
1) Is there an easier way to detect if files are being copied off my device than through checking if the adb daemon is running?
2) Is there an easy way to enumerate all processes running on the Android OS from an app?
I know Android is not a very secure system, but I would at least like to make it difficult for people to copy files off of my app.
EDIT
To clarify my problem, all the files I have stored on the disk are encrypted. My concern is that I need to unencrpyt these files when accessing them in my app. I am trying to prevent someone from stealing these files while the app is running. I already delete the unencrypted files if someone exits out of the app.
Also, I was focused on adb because I was considering trying to delete unencrypted files if connected by usb. However, I know you can still run adb over wifi on a rooted phone. Now that I think about it, you can probably transfer files over by wifi on a rooted phone as well.
Also, obviously not having the files on the device is not an option.
You seem focused on adb, for unknown reasons.
With respect to internal storage, users cannot copy files off of internal storage of a device using adb, unless the device is rooted. And if the device is rooted, they do not need adb to copy files.
With respect to external storage, that is specifically designed to allow any app, or the user, to copy files from it, again without adb.
Hence, trying to detect adb is pointless.
I know Android is not a very secure system, but I would at least like to make it difficult for people to copy files off of my app.
Then don't put the files on the device in the first place.
I'm not sure if you mean that a user would use your application and put his phone on USB mode and proceed to transfer file off your application folder while your application is still running ?
If some files are needed in order for your application to function at runtime, can't your just make them private to your application ? Like illustrated in this article. Or simply don't put files on the device :)
I'm not sure what "copying files out of my app" means (is your app designed to show/provide files, or are you referring to the resources and other files used by your app).
In any case, you're wasting your time. Android is a very open platform and (particularly on rooted devices) people will always find a way to copy data if they want to.
I want to save some files on SDCard which will be downloaded from net. The user should not be able to have direct access to it. I mean the file should be secure and it should not be transferred to other device and if its transferred then it should not be in readable format. Is there a particular directory on SDCard where these files can be saved and be secure too? Also this files should be automatically deleted on uninstall of the app. I guess there is a direct way of that in Android 2.2 but not below that. So, if someone has any idea of doing that then please let me know.
Encryption. If you're concerned about the user reading a file that's the closest answer you'll find -- but you need a secure way to store the decryption key also, which is not really attainable.
Realistically, anything that must not be viewed by the device owner must not be on the device.
If the files are in the physical possession of a dedicated user there is no practical way to make them impossible to copy. You can make them DIFFICULT to copy, but not impossible.
If you use encryption as #mah pointed out, and then don't store the key on the device: fetch the key from a server, retain it in memory and never write out the decrypted file or the key to disk you might be ok in deterring the casual pirate. The dedicated souls will figure it out.
i'm writing an application that needs to store some data,and picture. For example place's information. this information don't need to change very often. and
I have seen that databases are
stored under /data/data/package_name/databases
I decided to store my data under /data/data/package_name/files.
With the emulator i can see all these files (databases)
under the proposed directories but moving the application on a real
device and installing a file system browser i cannot see any file
under /data. i know that there are some security constrain in (not-rooted) device. However, are there any suggestion about the solution.. where can i store these data and how? because i'm quite new to android. Thanks so much for your help.
The reason you can't see it on the device is basically just as you said; the device isn't rooted, so other apps don't have access to the /data folder.
This is okay though, because you can still store your files there. Your app has access to anything under /data/data/package_name/, you just won't be able to see it in a file browser unless you root. This is normally a good thing, to keep average users from mucking around with your databases/files.
Read up more on storage methods here.