2

As we all know internal storage is not the right place to store big data in Android for many reasons that's why we should rely on SD card. My app needs to store a lot of small videos and images in a cache folder, for this reason im using the standard "/sdcard/Android/cache" directory.

Problem is that internal storage is not that easy to read SDcard instead is easily readable and mountable elsewhere.

My idea is to override Input and Output File stream classes to introduce a xor operator or some other easy "scrambling" code. Would this be a good idea? Is there any better solution which does not add a lot of overhead?

Zutroi
  • 31
  • 1
  • 3
  • Depends. What are you protecting the data *from*, and how determined do you expect your attackers to be? – Piskvor left the building Sep 14 '11 at 16:36
  • I just don't want to have plain images and video files there that can be read by anyone just mounting the sd on a pc and changing the extension to jpg or whatever, just that, i don-t need strong encryption, that-s why i was thinking about a simple xor – Zutroi Sep 14 '11 at 16:38

4 Answers4

3

You could always try to encrypt the data. There's a good response here that you might want to look at:

Is there a way to securely store user data on an Android device?

Community
  • 1
  • 1
Otra
  • 8,108
  • 3
  • 34
  • 49
  • Yep that would be good for text or small data but i need to store video and images so using a real crypto library would be far to slow – Zutroi Sep 14 '11 at 16:36
  • You said the images and videos were small. How big do you plan for them to get? – Otra Sep 14 '11 at 16:44
  • Don't know, houndreds of file and total size won't be more than 100Mb (for all the files, not just one) – Zutroi Sep 14 '11 at 17:40
  • 1
    Just food for thought, it takes about a second to encrypt a 100kb image and about 8 seconds to encrypt a 3mb file but it looks like you've found your solution. – Otra Sep 14 '11 at 18:48
  • Since im using that images to populate interactive lists one second is a lot! Thanks for your help anyway (i would vote you up but i have not enough points) – Zutroi Sep 15 '11 at 12:59
  • @Zutroi, how do you know they are far too slow? Have you benchmarked? I bet if you benchmarked it, you'd find that the performance of conventional symmetric-key encryption (e.g., based upon AES) is perfectly adequate. – D.W. Sep 16 '11 at 23:53
  • @DW Otra said "1 second" and i replied "1 second is too much" because i need to populate a list, no i did not benchmarked anything but its clear that populating a list with 200 images encrypted in a sd card is not that snappy even if you spawn a thread for each of it. – Zutroi Sep 18 '11 at 08:10
2

If you have a lot of images you must have a DB backend, you just need to create a, don't know, 32 chars key for every image and then when you write the files in cache split that key in 4/6/8 and write 4/6/8 files instead of one.

In this way it won't be that easy to read the data because you must know which are the chunks and the chunks order is on the DB which is stored on intenrnal dir.

No overhead at all.

JohnUopini
  • 960
  • 9
  • 24
  • I expect this scheme to be totally insecure. Why bother with something that is not secure? – D.W. Sep 16 '11 at 23:55
  • Requester asked a way to protect images and video by simply connecting the SD card to the pc and changing extension. In this way if you dont have the DB (which is not on SD) and there are hundreds of files (like the requester pointed out) there is no way for the average user to recreate the original file, so yes, it is more secure and without ANY overhead. If you put images in a listView encryption would slow down everything, your downvote is unfair, my answer respect the requirements. – JohnUopini Sep 17 '11 at 10:03
0

Since the file system is more than likely fat or fat32 protecting it permission based way would be more convoluted.

If you are storing flat text files I'd suggest finding a complex algorithm to encode and decode along with several 'passes'. It won't be too secure however.

If you can change or convert the file system you may open up some options. You could use efs from ms. But that works if you convert the volume to ntfs. I'm sure android can't read that file system. Especially with efs.

apollosoftware.org
  • 12,161
  • 4
  • 48
  • 69
  • As i said im storing images and videos, i need something extremely fast and a little secure (but just a little) – Zutroi Sep 14 '11 at 16:39
0

I recommend that you encrypt the data, and store the key in private storage.

Don't use xor or some similar half-baked thing. That will be trivially decryptable.

D.W.
  • 3,382
  • 7
  • 44
  • 110