This is simply a question of best practices.
I would like to know which is a better way to manage db backups. The first option is to use the Android Backup Service. Now this initially seemed like a great idea, but apparently isn't supported by all phones/couriers? Also, the user would have had to enable backups in the phone's settings.
The other option is to simply copy the SQLite file to the SD card and vice versa. But this would mean anyone could pretty much open and use my database without my permission. It would also mean the user would lose all data if the SD card became corrupted or the phone was lost.
Any ideas and suggestions will be greatly appreciated.
Some ideas:
export the database as CSV/XML/JSON and have add import functionality
to your app
have your own server, and allow users to backup to it (you'll need to use SSL and some form of user authentication)
compress the db file and copy it to the SD card.
As for protecting it, how sensitive is it? You could have the user enter a password when they backup, and encrypt it if you feel you need to protect is.
Related
I have read the various question but couldn't get mine answered so I am starting this thread.
I have a requirement where in I'll get some secure data on SD cards. The app users will just plug in the shipped SD card and they should be able to access the content.
But we need to maintain the Digital Rights i.e. the data on the SD card should be only accessible to my application. No other application should be able to read this. Also, once the user license expires, the data will be wiped off.
Just wanted to add. We will be providing the device along with the application. So, we have control over the hardware.
So my questions are:
How to keep encrypted data[videos, text files, pdfs etc.] on SD card
How to restrict any other application to access this data
If the user breaks the root of the device, can I delete the
application and the data on the SD card?
Can any MDM help? I am open to suggestion. Are there any opensource
MDMs available?
I'm no expert in this area, but in my view:
1) Just encrypt it with a key only your app knows (ideally use a different key per install).
2) You can't, although if it's encrypted no other app can make sense of it.
3) No. The user could always plug the SD card into another device or PC card reader and copy it.
Victor - thank you (and the others) for the endorsement of my comment, hence this answer...
I have to persist 2 strings for my application even after the application is uninstalled. Regarding that the end users don't have SD cards for their devices and they don't have internet connection, how could I persist those 2 strings even after the app is uninstalled?
I would highly appreciate any response.
Thanks
Unless you're targeting VERY old phones, you don't need to worry about not having external storage. As long as you use Environment.getExternalStorageDirectory() as your reference, you shouldn't have a problem, though if you're absolutely concerned about this you can check if the external storage doesn't exist and then opt to go to internal storage. Check out this link from the developer docs for a little more insight.
If External truly isn't available, you could then save to Internal memory, but you will have to declare a new permission for that, which may ward off some people.
You have to write it to an SD card/internal storage, and hope the user does not remove that. However, this is a very fragile approach. There is no other solution, as far as I know.
Phones internal storage is also treated as an "SD card". If you create a folder and save it in a text file, it should be safe given user does not manually delete folders after uninstall.
Please check out a section "Saving files that should be shared" in the following web page. Making a file that persists after uninstall entails making it available to other apps/user to read and modify. If those file options aren't intended, you should consider an alternative app design.
http://developer.android.com/guide/topics/data/data-storage.html#filesInternal
After re-install, your app can access the created public directory by using the following function:
public static File getExternalStorageDirectory ()
Regarding the function above, per Google:
Note: don't be confused by the word "external" here. This directory can better be thought as media/shared storage. It is a filesystem that can hold a relatively large amount of data and that is shared across all applications (does not enforce permissions). Traditionally this is an SD card, but it may also be implemented as built-in storage in a device that is distinct from the protected internal storage and can be mounted as a filesystem on a computer.
Also, Google recomments placing shared files into a an existing public directory as to not pollute user's root namespace.
Are the strings unique to each user or are they app specific? In either case, the right thing to do would be to save it in some kind of remote server. Firebase is what I use for something like this. Check for its existence in your Application class and download and save it to SQLite if it doesn't exist. For user specific data however, you are going to need some kind of authentication so you know which user is getting what.Firebase does this perfectly well too.
Going by the requirements (no internet, no SD card) of the OP however,I don't see any other way besides one that isn't unethical.
I want to set read-only permission on external micro-sd card programatically, and user should not be able to access it form phone menu too.
or Is there another way to hide that, because client have a video folder which is played by only subscribed users, therefore i want that folder is either read-only or hidden for other users.
plz help .
That is not a sensible way to accomplish what you are trying to do. You should be storing the data encrypted and decrypting it strictly in your application. You will never get any kind of 'hiding' to work right.
You can't get any kind of this, So if possible store the video in internal storage (but if device can rooted then also user can access it), or store in a web server and at a play time play from web. And only option is as per David Schwartz suggested do encryption/Decryption for it.
It's not a reasonable way to say that I have some of my apps data in an sd-card, so no one else should access that!, Better try some alternative like encrypting your data, so that even if someone accessed, they must not be able to read it!
I want to save some files on SDCard which will be downloaded from net. The user should not be able to have direct access to it. I mean the file should be secure and it should not be transferred to other device and if its transferred then it should not be in readable format. Is there a particular directory on SDCard where these files can be saved and be secure too? Also this files should be automatically deleted on uninstall of the app. I guess there is a direct way of that in Android 2.2 but not below that. So, if someone has any idea of doing that then please let me know.
Encryption. If you're concerned about the user reading a file that's the closest answer you'll find -- but you need a secure way to store the decryption key also, which is not really attainable.
Realistically, anything that must not be viewed by the device owner must not be on the device.
If the files are in the physical possession of a dedicated user there is no practical way to make them impossible to copy. You can make them DIFFICULT to copy, but not impossible.
If you use encryption as #mah pointed out, and then don't store the key on the device: fetch the key from a server, retain it in memory and never write out the decrypted file or the key to disk you might be ok in deterring the casual pirate. The dedicated souls will figure it out.
i'm writing an application that needs to store some data,and picture. For example place's information. this information don't need to change very often. and
I have seen that databases are
stored under /data/data/package_name/databases
I decided to store my data under /data/data/package_name/files.
With the emulator i can see all these files (databases)
under the proposed directories but moving the application on a real
device and installing a file system browser i cannot see any file
under /data. i know that there are some security constrain in (not-rooted) device. However, are there any suggestion about the solution.. where can i store these data and how? because i'm quite new to android. Thanks so much for your help.
The reason you can't see it on the device is basically just as you said; the device isn't rooted, so other apps don't have access to the /data folder.
This is okay though, because you can still store your files there. Your app has access to anything under /data/data/package_name/, you just won't be able to see it in a file browser unless you root. This is normally a good thing, to keep average users from mucking around with your databases/files.
Read up more on storage methods here.