All geek questions in one place

Folder encryption for Android app?

The application I'm working on gets all the files from the SD card, but these files are really important, and the application should support the security issue. So is there a way that a folder or directory containing a file can be encrypted or locked with a key and only for my application? Please help, I'm new and stuck at this point.

+4
source share
3 answers

In Android, everything stored on the SD card is not protected by permissions and can be accessed by any application that has permission to touch the SD card (and by someone who can remove the card and read it elsewhere). Basically, you need to assume that if you post resources there, they may be accessed freely. So, you are right, you want to encrypt these resources so that even with this access no one can access them.

Android contains a lot of support for widely known cryptography. In this case, you will want to use symmetric encryption. Currently, it is best to use AES with 256-bit keys, all of which are supported in the Android class libraries. There are many resources on how to do this in the online developer documentation, and there is a full summary of all the problems you need to think about, and code samples of the entire process in Application Security for the Android platform (disclaimer: I am the author of this book).

You need a key to encrypt this data, and you need to keep this key secret (anyone who knows that it can decrypt the data). You have two options ... (1) to request a password from the user each time they use the application, and then extract the key from this password or (2) store the password in your application. (2) is dangerous, because Android applications can be easily reconstructed, where an attacker can just peek into your application and find the key. (1) is preferable, because then there is no key stored for the attacker to recover ... the trade-off is that your users must enter a password to use your application. What you have to do here is a risk analysis function ... how important is this data? Do you need to defend yourself in a strong manner, or do you defend it to make things more difficult for an attacker? Only you can answer this based on your use cases and the sensitivity / risk of your data.

+3
source

Take a look at these resources:

http://source.android.com/tech/encryption/android_crypto_implementation.html

http://developer.android.com/reference/javax/crypto/package-summary.html

You should know that, of course, you should not store the key for encrypted data in the clear, but rather encrypt it with the password itself, which the user can select or similar.

0
source

Here's how to create a new folder:

String SaveFolder = "/Save"; String extStorageDirectory = Environment.getExternalStorageDirectory().toString(); File mySaveFolder = new File(extStorageDirectory + SaveFolder); mySaveFolder.mkdir();

Get this code in public void onCreate Now it creates a folder called Save.

Edit: I looked that there is no way to set a password or anything else. Although I read here http://developer.android.com/guide/topics/data/data-storage.html#filesInternal , you can save the files in internal memory, where users also cannot access, but I never used that, so I can’t help it.

-3
source

Source: https://habr.com/ru/post/1399007/

More articles:


All Articles