1

I have an application that copies some files (db, images, pdf, texte files) locally and needs to access to this files to allow the good working of the app. - queries to the bdd
- files like pdfs and images that needs to be displayed
- text files that needs to be read by the app

My question is how to protect all that files from the users ? This is sensible informations, and I don't want all the users can access to it so easily?

I have seen all that tickets : ticket1, ticket2, ticket3, but I am not sure that it is the good way to do it?

Any suggestions?

ΩlostA
  • 2,152
  • 4
  • 19
  • 47
  • Are the data static and read-only or can the user modify it. If the data is read-only see these questions: https://stackoverflow.com/q/13854425/150978 https://stackoverflow.com/questions/27320610/how-can-i-use-the-android-keystore-to-securely-store-arbitrary-strings/27871470#27871470 – Robert Jun 15 '20 at 16:35
  • @Robert the user can modify it, and mainly the db that I have to protect and contains very important informations. I am going to check your links. – ΩlostA Jun 16 '20 at 13:04

1 Answers1

0

Android provides you with 3 types of private storage that's meant to be accessed by your app only.

  1. Databases to store structured data in a private database using the Room persistence library.
  2. SharedPreferences to store data as key-value pairs
  3. And finally in your case Internal Storage to store custom types of data especially files and media.

To write on private storage:

Make a new File and write on it:

File file = new File(getApplicationContext().getFilesDir(),"MyPrivateFile.txt");
abd3llatif
  • 59
  • 1
  • 5
  • The private storage is app-private, which is the opposite of the external storage. – Robert Jun 15 '20 at 16:31
  • Even if you need the permission of external storage to write the files, it still a private storage, please review the [official documentation](https://developer.android.com/training/data-storage) and also this answer [here](https://stackoverflow.com/a/44587950/7316824) – abd3llatif Jun 15 '20 at 16:38
  • AFAIK the external storage is fully accessible via MTP from a PC or via adb. hence it is not protected in any way, especially as the OP asks how to `protect all that files from the users`. Saving such files on external storage is just the opposite, this is `making access for the user as easy as possible`. – Robert Jun 15 '20 at 16:41
  • @Robert He want's to protect his data from users as he said, but if he want's to add an other layer of security, he can encrypt files before write them on disk – abd3llatif Jun 15 '20 at 17:18