Currently I am using file.delete() but it is showing a security risk for this as files deleted like this can be recovered by different means. So please provide me a correct way to delete a file. The security risk depicted here is provided by a testing tool called Quixxi and it checks for any vulnerability in app.
Asked
Active
Viewed 754 times
-1
Ankit Shukla
- 712
- 8
- 20
-
2Possible duplicate of [How do I delete files programmatically on Android?](https://stackoverflow.com/questions/24659704/how-do-i-delete-files-programmatically-on-android) – ADM May 14 '18 at 10:22
-
1security exception often occurs when you missed run time permission. – ADM May 14 '18 at 10:23
-
3*What* is 'showing a security exception'? `File.delete()` doesn't throw any exceptions. unless you're running under a `SecurityManager`, which would *throw* (not 'show') an exception *because you didn't grant yourself permission to delete the file', not for the reason you stated. Unclear what you're asking. – user207421 May 14 '18 at 10:28
-
1I am puzzled what you mean by *" ... as files deleted like this can be recovered by different means"*. Are you saying that a runtime exception is thrown that says this? Or is this a warning produced by a code checker of some kind? – Stephen C May 14 '18 at 11:14
-
There is a simple warning but when I used Quixxi Vulnerability testing then I found this file.delete() as a high security threat. Also it was found that files can be recovered using some methods that are deleted. Also I am not getting any error or exception and I have taken all read and write permissions. If any of you fellows ever used such testing tools then you guys would have known. But thanks. – Ankit Shukla May 14 '18 at 14:46
-
*If you had mentioned in your original question* that you were using such a tool we would have known. You didn't. – user207421 May 15 '18 at 03:55
2 Answers
0
The reason a "deleted" file is recoverable is because a delete operation simply unlinks the file in the filesystem, so the directory no longer considers that file part of it. The contents on disk (or whatever storage) still exist on that device.
If you want to guarantee the contents can never be recovered, you have to overwrite the contents first. There are no built-in functions to do this - you'd have to find a library or write the code yourself. Typically you'd write something like all 0s over the file (make sure to flush to media), write all 1s, write a pattern of 01 repeating, 10 repeating, something like that. After you've written with garbage patterns to media (flush) a few times, then you issue the delete.
user1676075
- 3,056
- 1
- 19
- 26
-
I agree with that but still there are apps which do secure and permanent delete. How do they gaurantee that. Are they also overwriting data as you said. – Ankit Shukla May 15 '18 at 06:39
-
1Yes, that is what programs doing safe delete are doing, overwriting the file content with multiple garbage patterns before "deleting" the file. – user1676075 May 16 '18 at 18:16
0
Not possible in JRE, unfortunately. The JVM is not designed for that, and you need OS-dependent utilities.
The answer by user1676075 contains a mistake. Let's go by steps.
As pointed out already, Java's File.delete method only unlinks the file leaving its contents on disk. It actually invokes the underlying OS APIs to perform this unlink operation.
The problem occurs when you want to overwrite contents in Java.
Java can open a file for overwrite, but will leverage OS utils to do so. And the OS will likely:
- Unlink the allocated space on disk
- Link the file to a new free area of disk
The result is that you are now writing tons of zeroes... somewhere else!!! And even if you managed to write zeroes on the same sectors used by the original file, Gutmann method exists for a reason. Gutmann utilities require root/Administrator (Super User) permissions and direct DMA access to precisely control where the writes have to occur.
And with SSDs, things changes. Actually, it might get easier! At this point, I should provide source for SSDs having a CLEAR instructions to replace a sector with zeroes and that privacy-savy disk controllers do that. But maybe pretend you have read nothing.
This will be a sufficient answer for now, because we have demonstrated that there is no out-of-the-box and straightforward way to securely clear a file in Java.
What Java allows, and is called Java Native Interfaces (please also see Java Native Access), is to call native code from Java. So, you got your Gutmann tool in C++ ready? Are you running root? You can write code to invoke Gutmann-ish erasure from Java, but that's a whole other point.
Never tried, but surely feasible
usr-local-ΕΨΗΕΛΩΝ
- 26,101
- 30
- 154
- 305