Please tell me how to protect our resource in a apk package.
With a simple rename-extract process, any one can copy and thief application drawable resource like images or soundFX files.
My question is, is there any way to protect drawable resource in a Android application?
The drawable needs to be accessible to the operating system, so it has to be readable.
If you really want to keep it secure, you could consider storing it encrypted as a raw asset, then load it, decrypt it into a ByteStream and pass it into the BitmapFactory. That, of course, has slight performance ramifications and will force you to hand-code a lot of stuff that you could have easily done in XML otherwise.
That all aside, there are many ways to steal data - if it's a drawable, people could just take a screenshot.
My question is, is there any way to protect drawable resource in a Android application?
No. Resources are world-readable by design. Even if you were to not package the "images or soundFX files" as resources but were to download them on first run, users with root access could still get to the files.
Since this is not significantly different than any other popular operating system humanity has developed, it is unclear why you think this is an Android problem. Sufficiently interested users can get at your "images or soundFX files" on iOS, Windows, OS X, Linux, and so on. Even Web apps are not immune.
I think it's possible to protect resources. In fact there's low-level class/routine to read resources: AssetManager - ordinary Resources class sits on top those AssetManager. So to protect resource one can scramble resources and read/unscramble them using AssetManager low-level methods: look here
Related
I am working on a localization strategy for our Android product. Once the core product is installed, I would like the user to be able to download additional language packs. Our resources are mainly strings. Essentially, I would like to keep the external file in xml format, similar to how it is done for embedded resources. This way, the translators can also test their translations right away and there won't be any need for sending them back-n-forth.
I am wondering if anyone has done something similar? The biggest challenge I see is that for embedded resources, the key gets converted to a numeric value. For example, getString(R.string.hello) may not work.
On second thought, it would be nice if I can compile the external resource file, similar to what Android framework does when building the .apk file.
I need to use image resources from an iOS application that I'm porting to Android. Unfortunately they all have dashes in the file name, which causes errors.
I can't rename the resources because they're shared with the iOS codebase, and having duplicate resources is a no-go.
Is there a way I can get around this naming requirement?
There's no way to get around the naming requirement, but you could use symlinks.
(I'm a bit confused, though, and kind of assume you must already be either copying the files or using symlinks. How else could you build both your Android and iOS apps, given the different directory structures required for each?)
I have a non-standard Android application that has a requirement to load resources from an external file that is not part of the application apk. These resources will be packaged separately and delivered as its own package.
There are a few different types of items that will be part of this external resource bundle. One of those items includes the localized strings.xml file. This philosophy allows the change of a string / translation that does not affect the deployment of the application (in other words, application.apk stays in tact, but the only difference is a new strings.xml).
I've been searching around, and this doesn't seem possible. Is there any way? Or does this philosophy mean completely abandoning the resources all together and writing a custom layer to pull these strings and other external resources from a file?
The application is for Honeycomb platform.
Thanks in advance for any advise.
The best way to do this, I think, is to package your resources as a ContentProvider. See the guide topic Content Providers for how to get started doing this.
I'm porting a rather large game engine written in C++ from Windows/Mac to Android. There is a lot of pre-existing code to read assets for games. In addition, there is quite a bit of code doing file system calls (stat'ing the files to make sure they exist, looking up all of the files and directories inside of a directory, etc.)
Right now, I'm focusing on just getting something up and running as quickly as possible, so I'd prefer not to have to rewrite a lot of this. What would be a good way of getting our game assets onto the device and accessing them with minimal changes to our existing standard C++ file system API usage?
I've got some basic support implemented already using the Asset Manager API, but that doesn't support the file system calls and I'm concerned that the 1 MB asset size limit is going to bite me at some point.
I've also looked at OBB, but the tools for creating an OBB file don't look like they are part of the current SDK/NDK. Otherwise, that looks like it would be perfect.
Is it a horrible idea to package up all of the files and just extract them on the SD Card the first time the app is run? Or is there some better way of dealing with this?
Update: I'm also not very concerned on being able to run on a broad range of devices, I am specifically looking at newish tablets, probably the 10.1" Samsung Galaxy tab.
We ran into a similar problem in developing our (data-file-heavy) app, and we ended up deciding to keep the APK tiny and simply download our data files on first run; they're going to have to be downloaded either way, but a small APK works much better on older devices without a lot of internal storage. Plus, you can potentially rig up a way for people to copy over the files directly from their computer if they have a limited data plan or a slow internet connection on their phone.
The "Downloader" sample app in apps-for-android (confusingly buried under "Samples") is almost a fully-implemented solution for this - you can pretty much just plug in the particulars of your data files and let it do the rest.
I wrote an app that relies on putting a good amount of native code into the Android filesystem. I did this by packaging the files into the APK as 'resources'. Instead of pushing them to the SD card, you can put then into the application's private namespace, I.E. /data/data/com.yourdomain.yourapp/nativeFolder.
For details on how to accomplish this, you can see my answer to this question.
It's fairly simple to package to just unpack them on the first run and never worry about them again. Also, since they're under the application's namespace, they should be deleted if/when someone were to decide to delete your app.
EDIT:
This method can be used to put anything into the app's private area; /data/data/com.yourdomain.yourapp/
However, as far as I know, your application has to be the one to create all the folders and sub-folders in this area. Luckily this is fairly easy to do. For example to have your app make a folder:
Process mkdir = Runtime.getRuntime().exec("mkdir " +localPath);
That works as it would in most linux shells. I walked through the assets folder I packaged into my APK, made the corresponding directories and copied all the native files to those directories.
What you might be more concerned with is the limited Android shell. There are many commands that you might want that aren't present. stat for example isn't available, so all of this may be moot if your native code can't make it's system calls.
So I'm trying to use the built-in drawable timepicker_up_btn for api level 7. It is in the actual res folder in the sdk, and I can use other resources from that folder. But I get the error message "Resource is not public".
It seems like Google is trying to limit the use of this resource. I would think they don't care if I use it in an Android application and it makes the overall look of my application similar to stock Android.
Anyway, is this fixable? Can I somehow use a non-public resource without copying it to my project? And what is the deal with copying stock resources to own projects? Illegal? Frowned upon? Or go ahead we don't care?
The best thing to do is to copy the files to our application. I was told by some Google employees that you should not reference the resources, rather copy them to your application.
One of the reasons for this is that if you reference a whole bunch of icons for your application, you are not guaranteed that every one of these is updated at the same time when new versions of the SDK is released. You might end up with some up-to-date fancy icons and some old ones :)
Is there any way to use not public android resources in my application?
You can reference them like this
android:drawable="#*android:drawable/pressed_application_background_static"
but it is not recommended, because private resources are likely to be renamed or removed in the future.
Technically you can copy the resource from SDK folder to your own resource folder and then use it as your own. Though I am not sure whether it's a violation of the copyright.