1

I am developing an application to download files online, save them on internal storage, and read them once installed. Moreover, my client has requested that the files be encrypted.

Actually I have developed a working version that does the following:

Download process: 1) Download the file to internal storage 2) Create a new encrypted file from the original one, and save it in the internal folder 3) Delete the original one

Opening process: 1) Create a decrypted file from the encrypted one and save it in the internal storage 2) Open the decrypted file with the correct viewer 3) Delete the decrypted file once the user stops reading it.

Here is my question: I am actually using activityForResult and an Intent ACTION VIEW to open the decrypted file from the internal storage. First of all, I don't like using an ActivityForResult on an ACTION VIEW Intent because it is handled by an external app. Secondly, the user keeps the decrypted file if he leaves the app from the viewer.

How can I create a temporary file from my decrypted file which will be destroyed after the user finishes reading it?

The downloaded files need to be readable offline, so streaming is not an option.

  • What security do you think you are gaining from doing this? – Luke Joshua Park Sep 06 '17 at 08:06
  • The only specification my client required is: "The user can't be able to open the file from the app folder without the help of the application", including the case, of course, that the user's phone is rooted. With my actual version the only files which remain in the app folder after using the app are encrypted ones. – Thomas Ehling Sep 06 '17 at 08:08
  • why not stream it/copy it to the device and delete from the server immediately? Or just schedule a task to delete in 30 minutes? – Scary Wombat Sep 06 '17 at 08:11
  • Because I want the user to be able to open the file he has downloaded in offline mode. As for the task, how would you do such a thing? – Thomas Ehling Sep 06 '17 at 08:13
  • maybe http://www.vogella.com/tutorials/AndroidTaskScheduling/article.html – Scary Wombat Sep 06 '17 at 08:15
  • As a question, is there any reason for the file not to be already encrypted on the server? That could, maybe, give you some extra security. – Shirkam Sep 06 '17 at 08:19
  • I agree, but the files are managed by the client, and it told me that this is not an option – Thomas Ehling Sep 06 '17 at 08:22

1 Answer

0

EDIT: SOLUTION

The only solution is to take control of the Intent, so that the ActivityForResult can be used safely here. Therefore, the viewer must be implemented in the application. If the files are not common files, as in my case, you should develop your own reader/viewer. This allows you to completely control what your application is doing and when your files will be deleted.
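
Once the viewer lives inside the application, the decrypted temporary file from the question can be dropped entirely by decrypting into memory. The sketch below is an added example, not code from the original answer: the page does not say which cipher is used, so AES-GCM, the `IV || ciphertext+tag` file layout, the class and method names, and the in-process demo key are all assumptions (on Android the key would be held in the Keystore, and `java.nio.file` needs API 26+).

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.SecureRandom;
import java.util.Arrays;

public class InMemoryViewerDemo {
    private static final int IV_LEN = 12;     // bytes; assumed layout: IV || ciphertext+tag
    private static final int TAG_BITS = 128;

    // Download side: only ciphertext is ever written to storage.
    static void encryptToFile(SecretKey key, byte[] plain, Path out) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);      // fresh IV for every file
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plain);
        Files.write(out, ByteBuffer.allocate(IV_LEN + ct.length).put(iv).put(ct).array());
    }

    // Viewer side: decrypt straight into a byte[]; no plaintext file is created.
    // doFinal throws AEADBadTagException if the stored file was modified.
    static byte[] decryptToMemory(SecretKey key, Path in) throws Exception {
        byte[] blob = Files.readAllBytes(in);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, blob, 0, IV_LEN));
        return c.doFinal(blob, IV_LEN, blob.length - IV_LEN);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();      // demo key only (assumption, see lead-in)
        Path enc = Files.createTempFile("doc", ".enc");
        try {
            byte[] sample = "constructed sample document".getBytes(StandardCharsets.UTF_8);
            encryptToFile(key, sample, enc);
            byte[] plain = decryptToMemory(key, enc);
            // An in-app viewer would render `plain` here instead of printing it.
            System.out.println(new String(plain, StandardCharsets.UTF_8));
            Arrays.fill(plain, (byte) 0);      // wipe the buffer when the viewer closes
        } finally {
            Files.deleteIfExists(enc);         // demo cleanup of the ciphertext file
        }
    }
}
```

This reads the whole file into memory, so it suits documents of moderate size; the key still lives on the device, so a rooted user who extracts it can decrypt the files.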