So I want to prevent people from copying files out of my app while it is running.
1) Is there an easier way to detect if files are being copied off my device than through checking if the adb daemon is running?
2) Is there an easy way to enumerate all processes running on the Android OS from an app?
I know Android is not a very secure system, but I would at least like to make it difficult for people to copy files off of my app.
EDIT
To clarify my problem, all the files I have stored on the disk are encrypted. My concern is that I need to unencrpyt these files when accessing them in my app. I am trying to prevent someone from stealing these files while the app is running. I already delete the unencrypted files if someone exits out of the app.
Also, I was focused on adb because I was considering trying to delete unencrypted files if connected by usb. However, I know you can still run adb over wifi on a rooted phone. Now that I think about it, you can probably transfer files over by wifi on a rooted phone as well.
Also, obviously not having the files on the device is not an option.
You seem focused on adb, for unknown reasons.
With respect to internal storage, users cannot copy files off of internal storage of a device using adb, unless the device is rooted. And if the device is rooted, they do not need adb to copy files.
With respect to external storage, that is specifically designed to allow any app, or the user, to copy files from it, again without adb.
Hence, trying to detect adb is pointless.
I know Android is not a very secure system, but I would at least like to make it difficult for people to copy files off of my app.
Then don't put the files on the device in the first place.
I'm not sure if you mean that a user would use your application and put his phone on USB mode and proceed to transfer file off your application folder while your application is still running ?
If some files are needed in order for your application to function at runtime, can't your just make them private to your application ? Like illustrated in this article. Or simply don't put files on the device :)
I'm not sure what "copying files out of my app" means (is your app designed to show/provide files, or are you referring to the resources and other files used by your app).
In any case, you're wasting your time. Android is a very open platform and (particularly on rooted devices) people will always find a way to copy data if they want to.
Related
I want to protect my application from being copied by users from device to another device. I know that wont be possible because once the apk is installed any third party application may be able to copy or extract the apk. I mostly care about the private data of the application rather than the apk itself. So, my questions are :
1- Can I protect the apk from being copied to another device by the user ?
2- If user copied an application from device to another (e.g. via third party app or by bluetooth) will he/she be able to copy the private data as well ? If yes, can I protect that ?
Thanks in advance.
To answer briefly, AFAIK, No.
Regarding the single questions:
if device is rooted it's really easy to access the /data/app/ dir and copy your apk, even on the device itself.
For un-rooted devices you need to issue some adb commands. For reference, look here:
https://stackoverflow.com/a/11013175/1865860
https://stackoverflow.com/a/17135554/1865860
How to get a list of installed android applications and pick one to run
the same applies to /data/data/com.example.app/ for the private app's data. Just different folder and possibly many files to copy.
Basically the difference it's not in having root or not, but in the ease of realization.
you can use google licence in your app even if its copied from rooted device it wont work until its downloaded from playstore
second /data/data/<packagename>/ can be copied from rooted device
When developing for Android I prefer just working with a real device plugged in most of the time since the Android emulators are such total garbage. The one pain point is when I want to access files and sqlite databases though. I believe with the adb shell it is possible to pull the database across, but this isn't a very convenient process.
I'm wondering if there are any tools on the market that allow you to see the database in real time, even if it requires rooting a device I'm open to it.
I am afraid that there are no tools that will let you see the db real time. You will need to get the db from the device and the see it on your system. You will have to root the phone and get SuperUser permission to access app databases. The database will (after getting root) then be available in the /data/data/com.your.application/databases folder.
Hi You don't have any tools to see the database in real times. But its achievable in rooted device. If your device is rooted just install root explorer app in it. and then browse for your package name in data/data/ location. There you will find out all the internal memory files including database files. hope this helps you.
My group and I have an application that will work with protected content files that could (or not) contain pretty sensitive information. So we have to ensure they will not be copied by the user.
This question is specifically about the micro USB port. Is there a way to programmatically block it so that the user will be unable to mount trough it to copy our files?
Any and all help/counsel/answers are appreciated. :)
Additional Information:The application will be pat of a custom home application, so we will have that to out advantage, if that is any help.
There is no 100% safe solution for file storage. If you store the files on the SDCard they will have zero protection. If you store them on the internal filesystem you will be protected by file system permissions, which will generally prevent other apps getting to your files. But if the user roots their phone, nothing will stop them getting the files off the phone. Most phones can be rooted.
If you want to protect the sensitive information from your users, look for a way to store it on the network instead. If you only want to protect against other apps, for users that haven't rooted, the internal filesystem should be good enough.
The above are correct and to add, suppose you do disable the USB? Then I'll just Bluetooth them off. Ah, you disabled Bluetooth. OK, I'll use ADB shell over WiFi. Damn, you thought of that too. OK, I'll copy them with Root Explorer to my Dropbox folder. Wait, you got me, I'll email them instead...
You get the picture ;)
I am of the opinion that there is no totally secure file in Android. It's just a question of how difficult you can make it to lock out the 99% of "average" crackers.
Does anyone know if it is possible to access the data files from another app on your app? Really just copying a directory plus contents. This is for a backup system. I am trying to create a backup system that works decently on non rooted phones. I currently can only copy data from my own app. I can't navigate further up the file system. Getting a permission denied.
No. AFAIK, Not possible on non-rooted phones. Android restricts access to only your app specific content.
I have an android application that gets invoked through ADB on a desktop machine. I have a properties file on the desktop machine which the android application somehow needs to be aware of, but they need to be external to the APK.
On the desktop (which will invoke the activities within the APK via ADB) I cannot easily repackage the APK with the .properties file and then re-install the APK on the phone (I tried this via aapt, but it is not preferable because it removes the signature on the APK and I cannot easily resign the apk on the particular desktop machine).
I would rather not pass them via intent extras, as there are a lot of them, and I cannot use adb shell setprop because it doesn't work while the phone is running. I also cannot put them on external storage because I am not guaranteed the phone will have an SD card. Can I put them in "internal storage" somewhere (if that exists) ?
I basically need to be able to pass numerous properties onto the device when I install the APK, but I cannot put them in the APK itself, and not all the devices will have SD cards.
Any ideas ?
Take a look at the method used here: android: transfer sqlite database from pc to device via usb programatically