I am messing around with node.js on Android through this project, and I need a way to deploy js files to a private directory (to hide the source code, and prevent users from tampering) which also physically exists on the filesystem (an apparent requirement for node.js).
Is it correct to place my javascript files in /data/data/com.skabbes.android/node_modules? And if not, what would be the correct way to accomplish my goal?
Well, if you are wanting to store something on the internal storage, it is not recommended to use an absolute path like /data/data/..../ because while that may be the correct path, it can potentially change with different devices or different Android versions because /data/data/ the internal file structure is not specified in official Android documentation.
I also want to point out that even if you are storing information in the /data/ directory it is still possible that someone could access it if they have a rooted phone.
But, what you should do is see This. That will save information on the internal storage of the device and neither the user nor other apps can access the files you save with that method unless the device is rooted.
You should use the getFilesDir() method of Context which basically abstracts the absolute path.
It will most probably be something like /data/data/<package-name>/files but it's a better way to make sure your app is compatible with all versions of Android and all devices.
Related
So, I want to read a very specific file from any connected USB OTG drive. It's a text file that should be stored on a USB stick and I need to read that file, which has a specific name, say myFile.txt. While I understand this kind of getting user input is dumb and not user-friendly, it's what I'm told to implement.
But my problem is, that there are many mount points for USB Drives. on my phone it's /storage/USBStorage1, while on my friend's it's /storage/[HEX_ID]. I tried to get all of them, but it's not possible. in Nexus phones it mounts on /mnt/media_rw/[HEX_ID] which requires root access.
I searched around a little and found SAF, but I didn't find anything on how to use it to open any file without user's direct selection. I don't want the picker to show up. I just want to check if [USB_OTG_PATH]/myFile.txt exists or not, and if it exists I want to read it.
And on a sidenote, do I need to have root acces to read /mnt folders (except media_rw)?
I didn't find anything on how to use it to open any file without user's direct selection
That is because there is no option for this.
I just want to check if [USB_OTG_PATH]/myFile.txt exists or not, and if it exists I want to read it.
That is not supported.
If your file is located in one of the directories returned by getExternalFilesDirs(), getExternalCacheDirs(), and getExternalMediaDirs(), then you can access it directly using normal Java file I/O. However, AFAIK, that directory needs to be created as part of running your app — another developer ran into problems trying to create the directories ahead of time. So, for your use case, this approach is unlikely to be practical, though with luck I am wrong and it proves useful to you.
do I need to have root acces to read /mnt folders (except media_rw)?
In general, yes, though in practice the answer varies by device, Android OS version, etc.
The idea is that.
My application allows user to listen to music and watch videos from the social network. User can save these files in cache to be able to play them offline. This data is saved to SD-card and can be accessed by file managers e t.c.
I want to limit access to these files to other application. The most obvious solution is data encryption.
Can you please recommend me some libraries or frameworks for quick file encryption/decription? It is very desirable to encrypt files "on the fly" during the are loading.
Would this procedure be too slow and resource intensive?
May be there exist some other ways - protected folder in the SD filesystem or something like that?
Yes there is a more standard way to do this.
By using openFileInput on your Context and setting the MODE_PRIVATE flag, you will be able to create files and even folders within your application. Also, these resources will be completely private to your application.
EDIT :
Most of the time, these files will be stored in /data/data/<app_package_name>/files. That is, on the phone memory most of the time, although this is implementation specific.
Regarding the comment of #Carlos mentionning file spamming, yeah you can flood the NAND with multiple files, but /data will be in most cases mounted on a dedicated partition. So you'll be hitting the virtual size of the partition at some point. Please look at this post, the accepted answer gives more details about this.
In fewer words, this is implementation specific (depends on the manufacturer).
Your only option would be to use Encryption, if you want to keep using the external storage. SpongyCastle can help with that. It is an android version of the BouncyCastle APIs.
Apart from that, you could move your files to the internal storage, which may not be feasible in your case as media files tend to be big, and internal storage on most devices is very limited. Even if you do move them to internal storage, any rooted user can access them (or any app with root privileges).
Protecting the folder isn't an option, as anything on the external storage is available to any app with permission to access the external storage. There is nothing you can do about that.
Is it possible to call or access HTML file which exists in another apk ?
example:
lets assume one.apk has index.html in its assest folder
is it possible to access the index.html in another web view ?
or is there any workaround for this problem ?
On current android devices, .apk files (at least those under /data and /system) are world readable. The /data directory is not listable, so you need the full and specific path of an apk to access it. Currently this can be found in /data/system/packages.xml
If you want to access it with a web view, you will probably first have to track it down and extract your own copy from the apk, by treating it as a zip file, then point your webview at that.
Of course this is not official functionality - it could go away, so best not to rely on it. The more important point is you must not rely on someone not doing this to your apk, because they actually can.
The answer is No Never..
The security architecture of the Android will not allow one application to access resources of another application.
Every application is treated as different users. Can a user access the personal files of another user in your desktop machine when protected?? Same goes here.
No, Its not possible. Its private to only that .apk. So in other .apk file you can't. Its all about Android Application Security concern.
Or something for try, (I am not sure this one help you or not) The Resources object gives you access to assets. PackageManager can give you access to the Resources for an application.
Can users with a rooted device view files in the assets folder of my app?
I ask because I intend to place files there that can be accessed from the application, however they should not be viewable in any other way.
I am developing on Froyo 2.2
Yep, sure can. Assets is just another directory on the filesystem of the device. Permissions are enforced on those based on the underlying Linux permissions model, so anyone with access to root on the device can access anything on it.
There is an in-depth discussion of how the assets of applications are isolated/protected, as well as a discuss about how root can access them and how you can protect against this, in Application Security for the Android Platform (disclaimer: I'm the author of this book). Basically, if you're concerned about root having access to files within your application, you're going to want to encrypt them so even if root can get to them, they will not be readable. This approach has a lot of its own implementation problems, all centered on how you manage the keys used to encrypt/decrypt the files. While there are things you can do to make it much more difficult for someone with root to get as your application's files, you cannot make this impossible as root users have full control over the device and everything on it.
Its not possible to prevent anyone getting to your assets.
i'm writing an application that needs to store some data,and picture. For example place's information. this information don't need to change very often. and
I have seen that databases are
stored under /data/data/package_name/databases
I decided to store my data under /data/data/package_name/files.
With the emulator i can see all these files (databases)
under the proposed directories but moving the application on a real
device and installing a file system browser i cannot see any file
under /data. i know that there are some security constrain in (not-rooted) device. However, are there any suggestion about the solution.. where can i store these data and how? because i'm quite new to android. Thanks so much for your help.
The reason you can't see it on the device is basically just as you said; the device isn't rooted, so other apps don't have access to the /data folder.
This is okay though, because you can still store your files there. Your app has access to anything under /data/data/package_name/, you just won't be able to see it in a file browser unless you root. This is normally a good thing, to keep average users from mucking around with your databases/files.
Read up more on storage methods here.