2

I was wondering, what is a good way, to prevent my app files from being read/ write to other apps, in non-root devices

Currently, I'm storing my data (images, audio, ...) in getExternalFilesDir

But, some of my users complain that, they are still able to see images in 3rd party gallery app.

I am not sure whether they are using root phone. So far, I cannot access my app getExternalFilesDir from Google Photo app.

Based on https://developer.android.com/training/data-storage, it seems that only getFilesDir will prevent other apps from accessing the files.

But, is it appropriate for an app to store user data file in getFilesDir? (My app is a note taking app which needs to store user attachment images, audio, ...)

From discussion of Android getExternalFilesDir vs getFilesDir() for big files , it seems like getFilesDir is not designed to store user data files?

Cheok Yan Cheng
  • 47,586
  • 132
  • 466
  • 875
  • Unless I am wrong, all data stored in your application installation directory are private to your app and cannot be read from another app, unless rooted or shared via a `ContentProvider` from you app. So `getFilesDir` normally returns said directory in which you can safely store you app's data. – Mackovich Aug 20 '20 at 12:11

1 Answers1

1

I was wondering, what is a good way, to prevent my app files from being read/ write to other apps, in non-root devices

Store your data in internal storage (mostly getFilesDir() and getCacheDir()).

Currently, I'm storing my data (images, audio, ...) in getExternalFilesDir

The only reason to use that location is if you want the user to be able to use your content from outside of your app, whether via other apps or via an attached desktop computer.

In the long term, getExternalFilesDir() and getExternalCacheDir() will be off-limits to other apps — you will start seeing this on Android 11 in particular. However, it will take years for Android 11+ to dominate the Android device ecosystem.

But, some of my users complain that, they are still able to see images in 3rd party gallery app.

Such apps might be augmenting the MediaStore by scanning external storage for images.

But, is it appropriate for an app to store user data file in getFilesDir?

Yes. Everything should be in internal storage, unless there is a specific need for the user to be able to use the content outside of your app. Internal storage should be your default choice, with external storage or the Storage Access Framework being explicit choices made to go against that default.

From discussion of Android getExternalFilesDir vs getFilesDir() for big files , it seems like getFilesDir is not designed to store user data files?

Um, no.

A decade ago, internal storage and external storage were separate partitions, in part because external storage typically was implemented as removable storage (micro SD card). Since Android 3.0 in 2011, though, internal storage and external storage are almost always separate directories on the same partition. The primary distinction between the two is what processes could access the files, with your portion of internal storage being locked down to just your app, and external storage being accessible by anything.

CommonsWare
  • 986,068
  • 189
  • 2,389
  • 2,491
  • Thanks for the lengthy reply. I need some time to digest them. I am rather confused, as I just remove all code access to Environment.getExternalStorageDirectory due to SAF :-) I re-read again https://developer.android.com/training/data-storage/app-specific. It seems both App Internal storage and App External storage directories, are not meant to be accessed by other app. (Even though Android has stronger policy like encryption, to do the enforcement on Internal storage) – Cheok Yan Cheng Aug 20 '20 at 14:11
  • @CheokYanCheng: "It seems both App Internal storage and App External storage directories, are not meant to be accessed by other app" -- Google documentation is often poor and rarely takes history into account. Their focus on that page is what the world is like with Android 11 and not on the reality of the vast majority of devices in 2020. In the long term, `getExternalFilesDir()` will be private to the app. That is not the case today, nor will it be the case for most devices for the next few years. – CommonsWare Aug 20 '20 at 14:24