Proprietary File Formats or Encryption to restrict access to files (Android)

Question

We have an Android app that allows the end-user to download and open files hosted from our server. These can be PDFs, mp4's, etc. However we don't want the user to be able to launch these files from the OS filesystem: we'd like the only way to open these downloaded files to be through our own app.

Can this be achieved by creating a proprietary file format, or some use of encryption that I'm not aware of? If so, would we need to create our own PDF reader that is capable of parsing through the obscurity that we develop, or would there be some way to internally "decrypt" the file and then open it in a standard 3rd party PDF viewer?

Answer 1

Internal storage is designed for holding content for which your app manages the access. This is in contrast to external storage (where the user has equal control) and removable storage (where the user has far greater control).

If you download your content to internal storage, you can use FileProvider to selectively grant short-term access to that content to viewer apps and the like.

This is not perfect:

• Rooted device users can get at the content, but they can also defeat your other techniques too

• A viewer might have its own "save as" or "share" or similar means of saving the content somewhere that the user controls

However, this is not significantly different than how content works on most platforms.