Can users with a rooted device view files in the assets folder of my app?
I ask because I intend to place files there that can be accessed from the application, however they should not be viewable in any other way.
I am developing on Froyo 2.2
Yep, sure can. Assets is just another directory on the filesystem of the device. Permissions are enforced on those based on the underlying Linux permissions model, so anyone with access to root on the device can access anything on it.
There is an in-depth discussion of how the assets of applications are isolated/protected, as well as a discuss about how root can access them and how you can protect against this, in Application Security for the Android Platform (disclaimer: I'm the author of this book). Basically, if you're concerned about root having access to files within your application, you're going to want to encrypt them so even if root can get to them, they will not be readable. This approach has a lot of its own implementation problems, all centered on how you manage the keys used to encrypt/decrypt the files. While there are things you can do to make it much more difficult for someone with root to get as your application's files, you cannot make this impossible as root users have full control over the device and everything on it.
Its not possible to prevent anyone getting to your assets.
Related
Well hello, im working on a app that take a picture and then save it into the external storage, the problem that i get is when i use a external app, to clean up the cell phone memory, this kind of apps get into the folder where the pictures located, then deleted everything on it, i realy don't have any idea to protect them.
sorry for the problems with my English is not my native tongue
I think the problem is not yours. The problem is your cleaner's. Modify the cleaner's settings. Android cleaner like Clean Master is just weird. I don't know what kind of cleaning they do! Once they deleted my 150+ apps from my SD Card. So, if you are tensed about protecting your files from being deleted then it is worthless. You can't. Ok, think, a user is not using any cleaner to keep his/her phone tidy. But what will you do or how you will protect your files when the user is going to delete those files himself/herself?
The one thing you can do is - by achieving SuperUser permission from a user, you can just modify the SD Card's W/O or R/O system. But it has also some disadvantages. If you do something lile this, then you app may be introduced as a malicious program by your user. So, afterall, the answer is it isn't possible...
You should use:
getFilesDir()
This folder is located inside Android/data/data/your_package/ so no app except yours has access to it (unless it has root permission).
The idea is that.
My application allows user to listen to music and watch videos from the social network. User can save these files in cache to be able to play them offline. This data is saved to SD-card and can be accessed by file managers e t.c.
I want to limit access to these files to other application. The most obvious solution is data encryption.
Can you please recommend me some libraries or frameworks for quick file encryption/decription? It is very desirable to encrypt files "on the fly" during the are loading.
Would this procedure be too slow and resource intensive?
May be there exist some other ways - protected folder in the SD filesystem or something like that?
Yes there is a more standard way to do this.
By using openFileInput on your Context and setting the MODE_PRIVATE flag, you will be able to create files and even folders within your application. Also, these resources will be completely private to your application.
EDIT :
Most of the time, these files will be stored in /data/data/<app_package_name>/files. That is, on the phone memory most of the time, although this is implementation specific.
Regarding the comment of #Carlos mentionning file spamming, yeah you can flood the NAND with multiple files, but /data will be in most cases mounted on a dedicated partition. So you'll be hitting the virtual size of the partition at some point. Please look at this post, the accepted answer gives more details about this.
In fewer words, this is implementation specific (depends on the manufacturer).
Your only option would be to use Encryption, if you want to keep using the external storage. SpongyCastle can help with that. It is an android version of the BouncyCastle APIs.
Apart from that, you could move your files to the internal storage, which may not be feasible in your case as media files tend to be big, and internal storage on most devices is very limited. Even if you do move them to internal storage, any rooted user can access them (or any app with root privileges).
Protecting the folder isn't an option, as anything on the external storage is available to any app with permission to access the external storage. There is nothing you can do about that.
I am messing around with node.js on Android through this project, and I need a way to deploy js files to a private directory (to hide the source code, and prevent users from tampering) which also physically exists on the filesystem (an apparent requirement for node.js).
Is it correct to place my javascript files in /data/data/com.skabbes.android/node_modules? And if not, what would be the correct way to accomplish my goal?
Well, if you are wanting to store something on the internal storage, it is not recommended to use an absolute path like /data/data/..../ because while that may be the correct path, it can potentially change with different devices or different Android versions because /data/data/ the internal file structure is not specified in official Android documentation.
I also want to point out that even if you are storing information in the /data/ directory it is still possible that someone could access it if they have a rooted phone.
But, what you should do is see This. That will save information on the internal storage of the device and neither the user nor other apps can access the files you save with that method unless the device is rooted.
You should use the getFilesDir() method of Context which basically abstracts the absolute path.
It will most probably be something like /data/data/<package-name>/files but it's a better way to make sure your app is compatible with all versions of Android and all devices.
i'm writing an application that needs to store some data,and picture. For example place's information. this information don't need to change very often. and
I have seen that databases are
stored under /data/data/package_name/databases
I decided to store my data under /data/data/package_name/files.
With the emulator i can see all these files (databases)
under the proposed directories but moving the application on a real
device and installing a file system browser i cannot see any file
under /data. i know that there are some security constrain in (not-rooted) device. However, are there any suggestion about the solution.. where can i store these data and how? because i'm quite new to android. Thanks so much for your help.
The reason you can't see it on the device is basically just as you said; the device isn't rooted, so other apps don't have access to the /data folder.
This is okay though, because you can still store your files there. Your app has access to anything under /data/data/package_name/, you just won't be able to see it in a file browser unless you root. This is normally a good thing, to keep average users from mucking around with your databases/files.
Read up more on storage methods here.
I am newbie to the platform of android. I am intending to make an application that will protected your desired folders and files through password to keep it access limited to your application. You cant access the content through file explorers on android and via SD card reader. I also want to know how to make a background service that cant be killed by task killers.
Looking forward for your comments and reply
Best Regards,
I am intending to make an application that will protected your desired folders and files through password to keep it access limited to your application. You cant access the content through file explorers on android and via SD card reader.
What you want is impossible, except perhaps via firmware modifications, since it is a massive security violation.