Reputation: 179
Security of files in android
We are trying to create an app which will download eBook from server and store it locally on sdcard. We tried to DRM eBooks, after we download an eBook the DRM will take care of the security of the eBook. But later due to some reasons we left the DRM concept. Now I want to know whether we can store the eBook securely in the sdcard. The user cannot do any operations in the file other than viewing. Can we store the file in some other location where the user cannot view the file at all. In iOS we can download the file inside the Bundle itself, but for android???. We tried storing the pdf as a BLOB file in DB and tried to read it from there, in that case also we need to write the file and then read it. I am really confused on this Issue, can someone suggest me a good approach on how to proceed further. Any help would be really appreciable.
Upvotes: 2
Views: 287
Answers (4)
Reputation: 885
i) keep the files encrypted which are important to you.
ii) decrypt the files and move to the internal storage during runtime.
iii) Access your files only from internal storage.
Following these things will keep your file and method calling safe as they are accessible only to internal storage. Example:(access moved assets files from internal storage ) file:///android_asset/ => file:///data/data/com.test.exmple/files/"
You can also try tools like quixxi that do this for you transparently.
Upvotes: 1
Reputation: 24039
Personally I've avoid the SDcard given it's pretty much open to all apps, as @commonsWare mentions having it internal storage offers the Android app sandbox security.
Have you considered IOCipher from the excellent guys at the guardian project it's build on SQLCipher and it allow you to create a encrypted virtual disk. The part I love about it is that it's a clone of the java.io libraries so you should only have minimal code changes.
Upvotes: 2
Reputation: 23546
Files stored on the external storage are easy to read by other applications or from user's PC. You might need to encrypt your files if you don't want anybody else to get access. Well encrypted files can be places anywhere in the system without any risks of being read.
Storing files on the internal storage in your case does not sound good, because there are still too many devices out there with the limited amount of internal storage, where every megabyte counts.
Upvotes: 1
Reputation: 1007658
Can we store the file in some other location where the user cannot view the file at all.
Not on external storage. You can put the book on internal storage, in which case only rooted device users would have access to it outside of your app.
Upvotes: 1
Related Questions
- Protecting files on android
- File permissions in Android
- Android - file permissions
- Securing media files in the mobile
- File Storage with security in Android
- Protect files from being accessed outside the app itself
- Android file security
- Security protected for my video and pdf files?
- Secure path in Android FileSystem?
- protect a file