I am newbie to the platform of android. I am intending to make an application that will protected your desired folders and files through password to keep it access limited to your application. You cant access the content through file explorers on android and via SD card reader. I also want to know how to make a background service that cant be killed by task killers.
Looking forward for your comments and reply
Best Regards,
I am intending to make an application that will protected your desired folders and files through password to keep it access limited to your application. You cant access the content through file explorers on android and via SD card reader.
What you want is impossible, except perhaps via firmware modifications, since it is a massive security violation.
Related
My application generates some .csv files while running and these files are placed inside Android File system. These files are accessible outside the application also(as i can open these files in text editor and modify...)
Now I want that only my application should be able to read/write into these files.
Please help me in achieving this.
Thanks a lot.
These files are accessible outside the application also(as i can open these files in text editor and modify...)
Presumably that means you are placing them on external storage.
Now I want that only my application should be able to read/write into these files
Place the files on internal storage. This will prevent ordinary Android users from accessing the files except via your app.
Owners of rooted devices can get at those files, and if you are concerned about that scenario, then do not create any files at all, as owners of rooted devices can get to anything.
Also see article here: http://developer.android.com/training/basics/data-storage/files.html
It informs about internal vs external storage as well as making data public vs private for your app.
I want to password protect my local phone directory folder
This folder (directory) has been created by my application at run time with password protection.
My application can open this folder and used for self.
Any one can't open this folder manually. It is possible in android.
Thanks in advance.
This is not possible on Android.
You could create your folder on the internal memory, so that only your app can access it on normal devices. However, anyone with a rooted device will be able to browse your folder using a file manager, and other apps will also be able to read its contents if given root access.
A folder on the external storage is accessible to all apps with the READ_EXTERNAL_STORAGE permission, so you'll want to avoid using that.
At any rate, there is no 100% effective way to secure your folder such that only your app can access it.
However, you could try encrypting your data. This is what many apps like whatsapp do. Even when Whatsapp backs up the chats to the external storage, it is AES encrypted so that while others can access the data, they can't read it without decrypting it first. I would recommend that your try encryption
I'm making an Android app that generates an Excel file using JExcelApi. The content of the fiel is also available as plain text but it's not stored anywhere (I'm using it for displaying it on a TextView; the content isn't too complex).
To simplify things I store the Excel file on the SD card root directory. I know it's not good practice, but this app is not meant for wide distribution and it's only used for internal purposes in my company, so I'm not too worried about it. When the app generates the file, you can either press a "send XLS" button on the main view which will create a SEND_ACTION intent so you can send the file through email, Dropbox or whatever, or you can just simply plug the phone to a computer, mount it as USB storage and get the file.
However, soon we're going to need to send the app to some of our clients and some changes need to be done. We don't want our clients to access the XLS file, so I need to protect it somehow. Unfortunately, JExcelApi does not support password protected files, so I need to find an alternative way to protect it.
Regarding the "send" button: I was thinking about adding a simple password dialog, so that the user needs to type in a hard-coded password first before the intent is sent. I still haven't taken a look at this, though.
What worries me the most is the XLS file. Ideally, it should still be available on the SD card's root folder, but I realize that this may make things much harder than necessary. Using the app's private storage would be option because the file would be "invisible", but this can be easily beaten by using a rooted phone. I've taken a look around the Cipher class but I'm not sure how I could apply it to my case: the JExcelApi manages the opening and saving of files by itself and I can't use CipherOutputStream to save the file; I also need to be able to decrypt the file on a PC.
What should I do? Is there any way to encrypt the file in Android in a way that would make it possible to decrypt it on a PC? Should I find some other Excel APIs that support password protection (are there even any)?
About the security requirements: the content of the report is not critical and it wouldn't be a big deal if our clients got access to it (I mean, the content itself is displayed on screen!), but I'd like to make it annoying enough that our clients would cease to insist accessing the XLS file, if they ever tried to.
TL;DR: how do I encrypt any kind of file in Android?
I'm not very familiar with encryption on Android, but there's the Bouncycastle library that can be used for encrytion on Android. There might be some pitfalls, but apparently you can also use Android's own Cipher class for en-/decrypting using different algorithms.
If you want to share the encrypted data you'll have to have a shared key in order to let the recipient decrypt it.
Can users with a rooted device view files in the assets folder of my app?
I ask because I intend to place files there that can be accessed from the application, however they should not be viewable in any other way.
I am developing on Froyo 2.2
Yep, sure can. Assets is just another directory on the filesystem of the device. Permissions are enforced on those based on the underlying Linux permissions model, so anyone with access to root on the device can access anything on it.
There is an in-depth discussion of how the assets of applications are isolated/protected, as well as a discuss about how root can access them and how you can protect against this, in Application Security for the Android Platform (disclaimer: I'm the author of this book). Basically, if you're concerned about root having access to files within your application, you're going to want to encrypt them so even if root can get to them, they will not be readable. This approach has a lot of its own implementation problems, all centered on how you manage the keys used to encrypt/decrypt the files. While there are things you can do to make it much more difficult for someone with root to get as your application's files, you cannot make this impossible as root users have full control over the device and everything on it.
Its not possible to prevent anyone getting to your assets.
i'm writing an application that needs to store some data,and picture. For example place's information. this information don't need to change very often. and
I have seen that databases are
stored under /data/data/package_name/databases
I decided to store my data under /data/data/package_name/files.
With the emulator i can see all these files (databases)
under the proposed directories but moving the application on a real
device and installing a file system browser i cannot see any file
under /data. i know that there are some security constrain in (not-rooted) device. However, are there any suggestion about the solution.. where can i store these data and how? because i'm quite new to android. Thanks so much for your help.
The reason you can't see it on the device is basically just as you said; the device isn't rooted, so other apps don't have access to the /data folder.
This is okay though, because you can still store your files there. Your app has access to anything under /data/data/package_name/, you just won't be able to see it in a file browser unless you root. This is normally a good thing, to keep average users from mucking around with your databases/files.
Read up more on storage methods here.