I want to set read-only permission on external micro-sd card programatically, and user should not be able to access it form phone menu too.
or Is there another way to hide that, because client have a video folder which is played by only subscribed users, therefore i want that folder is either read-only or hidden for other users.
plz help .
That is not a sensible way to accomplish what you are trying to do. You should be storing the data encrypted and decrypting it strictly in your application. You will never get any kind of 'hiding' to work right.
You can't get any kind of this, So if possible store the video in internal storage (but if device can rooted then also user can access it), or store in a web server and at a play time play from web. And only option is as per David Schwartz suggested do encryption/Decryption for it.
It's not a reasonable way to say that I have some of my apps data in an sd-card, so no one else should access that!, Better try some alternative like encrypting your data, so that even if someone accessed, they must not be able to read it!
Related
I need to store the list of downloaded image in device.I need to know what is the best way for storing images.If i store it in sd card when the user removes the sd card from device.In that situation how to overcome this problem.
If you are bothering about the sdCard removal then only on option is available to save on phone memory that is always available.
Or if you have Internet available what about moving to cloud ???
but if the main concern is security of Images you can go with the answer of user #shree202
For the security purpose you can change the extension
Say From JPG ==>> .db
it is use less for other applications and also user manually can't change the extension
and also for more secure way You can encrypt it by changing it to byte.
If you are going to open the images right from your own application, then, you can remove the extension of the image file and then save. After that, while accessing the image you can get the file list and display it again in your application by appending the file extension.
I'm developing an app that would have an In-app purchase and download Videos from my server and store them on the device.
The problem is, the Videos are paid videos and are to be maintained in a highly secure place inside the app itself.
What are the possibilities of doing it? I had a look at setting android:exported="false", but it just restricts other apps to access my app's data. But how do I store the videos in a place which are restricted to be viewed by default even when connecting the device to a PC?
Are the apps allowed to store data in the device's \data folder? If so, please tell me how!
You can store files in your app's data folder, and as long as the phone isn't rooted, only your app should be able to access them.
However. The local storage on phones is generally limited, so storing videos there is a bad idea. Also, unless you're integrating your own video player, you might have issues trying to get the phone to play videos in your private folder.
To speak to the security issue, I'd suggest trying to keep them on the sd card, and experiment with either encrypting them, so they can't be read raw from disk, or (possibly) experimenting with file permissions, although I doubt the latter would work.
To do the encryption, I'd download the video, encrypt it and save it to the sd card. When you want to watch, decrypt and temporarily save to local storage for viewing. Not sure what kind of performance that will get, though. Plus, if you're relying on the OS to play your videos, you could have the same permission issues mentioned above. Depending on how critical this all is, you could explore something where the file/folder structure is obscured, so getting at them manually is more complex. Won't prevent all grab attempts, but will deter casual users.
This is simply a question of best practices.
I would like to know which is a better way to manage db backups. The first option is to use the Android Backup Service. Now this initially seemed like a great idea, but apparently isn't supported by all phones/couriers? Also, the user would have had to enable backups in the phone's settings.
The other option is to simply copy the SQLite file to the SD card and vice versa. But this would mean anyone could pretty much open and use my database without my permission. It would also mean the user would lose all data if the SD card became corrupted or the phone was lost.
Any ideas and suggestions will be greatly appreciated.
Some ideas:
export the database as CSV/XML/JSON and have add import functionality
to your app
have your own server, and allow users to backup to it (you'll need to use SSL and some form of user authentication)
compress the db file and copy it to the SD card.
As for protecting it, how sensitive is it? You could have the user enter a password when they backup, and encrypt it if you feel you need to protect is.
I want to save some files on SDCard which will be downloaded from net. The user should not be able to have direct access to it. I mean the file should be secure and it should not be transferred to other device and if its transferred then it should not be in readable format. Is there a particular directory on SDCard where these files can be saved and be secure too? Also this files should be automatically deleted on uninstall of the app. I guess there is a direct way of that in Android 2.2 but not below that. So, if someone has any idea of doing that then please let me know.
Encryption. If you're concerned about the user reading a file that's the closest answer you'll find -- but you need a secure way to store the decryption key also, which is not really attainable.
Realistically, anything that must not be viewed by the device owner must not be on the device.
If the files are in the physical possession of a dedicated user there is no practical way to make them impossible to copy. You can make them DIFFICULT to copy, but not impossible.
If you use encryption as #mah pointed out, and then don't store the key on the device: fetch the key from a server, retain it in memory and never write out the decrypted file or the key to disk you might be ok in deterring the casual pirate. The dedicated souls will figure it out.
i'm writing an application that needs to store some data,and picture. For example place's information. this information don't need to change very often. and
I have seen that databases are
stored under /data/data/package_name/databases
I decided to store my data under /data/data/package_name/files.
With the emulator i can see all these files (databases)
under the proposed directories but moving the application on a real
device and installing a file system browser i cannot see any file
under /data. i know that there are some security constrain in (not-rooted) device. However, are there any suggestion about the solution.. where can i store these data and how? because i'm quite new to android. Thanks so much for your help.
The reason you can't see it on the device is basically just as you said; the device isn't rooted, so other apps don't have access to the /data folder.
This is okay though, because you can still store your files there. Your app has access to anything under /data/data/package_name/, you just won't be able to see it in a file browser unless you root. This is normally a good thing, to keep average users from mucking around with your databases/files.
Read up more on storage methods here.