I have an application that can have multiple users on the device. I have a counter that needs to be read and updated across all users. Is there a way that this variable can persist across all user profiles?
We want to avoid using Settings.Global since all applications would have access to the variable and we would like to make it so it is accessible only for our app.
SharedPreference is user specific so that won't be an option.
We could save to a file but then again another team who has access to the source code may be able to access and edit the variable. Maybe there is a way for only our application to have write access to the file?
Is SqlDelight user-specific? I haven't found a concrete answer to that online.
If I understand you correctly, internal storage is what you're looking for. Only your app can access the directory, other apps can't. No need for permission and all data removes if app removes.
More info in official docs about differece of storages:
https://developer.android.com/training/data-storage
and here is for internal storage specifically:
https://developer.android.com/training/data-storage/app-specific
Related
What could be used instead of Shared Preferences for storing user information? People say Shared Preference is not Secure.
You can use SQLCipher library for encrypted database or encrypt/decrypt values yourself with some key and store result in SharedPreferences. To store keys use Android keystone system.
If you are storing information in the users' device, no approach is 100% secure. You can hide the information in some ways (eg. encoding, encryption, etc) but still won't be 100% secure.
In order to make your information secure, you will need to store the information in a remote server.
Shared Preferences are stored as a file in the filesystem on the device. They are, by default, stored within the app's data directory with filesystem premissions set that only allow the UID that the specific application runs with to access them. So, they are private in so much as Linux file permissions restrict access to them, the same as on any Linux/Unix system.
Anyone with root level access to the device will be able to see them, as root has access to everything on the filesystem. Also, any application that runs with the same UID as the creating app would be able to access them (this is not usually done and you need to take specific action to make two apps runs with the same UID, so this is probably not a big concern). Finally, if someone was able to mount your device's filesystem without using the installed Android OS, they could also bypass the permissions that restrict access.
If you're concerned about such access to your preferences (or any data written by your application), then you will want to encrypt it. If you are that concerned about them, you're going to need to figure out exactly how much protection is necessary for the level of risk you see.
You can also use Database with encryption like whatsapp. Its a best way for security point of view. If you want you can hide the Database also.
I need to save some URL that could change later in my app. I want that no-one can see them and find these URLs.
I tried SharedPrefences and database but they are easily accessible by any one who has a rooted phone.
Is there anyway to encode this data and save them in SharedPrefences so that I can decrypt it in the app?
encrypted-userprefs is a good library that allows you to encrypt the saved preferences. However, keep in mind that through reverse engineering, it might still be possible to retrieve the encryption keys from your APK and since you're using a URL, your app is likely to request it at some point where a network tool such as WireShark can observe it.
You can make it difficult, but you can't make it impossible.
Think about it: you want the information to be accessible to your app (you didn't say that, but I'm assuming it), but inaccessible to everyone else. That means your app has to have more information than anyone else, even a human who has root access to the phone.
Anyone who has that level of access to your phone has access to the app's bytecode. They can use this to see what your app does, down to the finest detail. In other words, what information does your app have that a human can't gain access to? None. Anything your app can do, a determined human with root access can also do.
Sensitive information should always be stored server-side. Even then, anyone with root access to your server can get at that information (for the same reasons as above); but the idea is that everyone and their mother can download the app, but people you trust (employees, etc) can get at the server.
I am writing an SDK for Android that will be used by many different apps. Each app needs to know if there is a previous installation of another app that uses the SDK; the first one will create a random id (a cookie) and store it, all later apps have to read it and reuse it. Note that the cookie will be created anew for every device.
I have searched for a long time for the answer; please read thoroughly before answering because I have read lots of different StackOverflow answers and have scoured the internet reading random blogs; I have tried a lot of things but none worked (I will save you the links).
A ContentProvider is definitely overkill. Also it needs to intrude an app's AndroidManifest.xml, something I am trying to avoid.
Likewise for a service: needs to be defined in the AndroidManifest.xml, which I do not control and do not want to require changes to.
Using external storage would perhaps be an option, but I don't want to require additional permissions.
Using SharedPreferences directly with getSharedPreferences() does not work because apps can only access their own preferences.
I can get a common preferences object using createPackageContext(package, MODE).getSharedPreferences(). This would work beautifully if I had a main package and many clients of the data, but in fact I don't know the package of the app that will be installed first -- it can be any of them. I don't even have a list of package names to search. Passing a package name which has not been installed fails.
Following the approach above, I have tried to piggyback on some standard Android app which I can count on, and store my preferences there -- say:
createPackageContext(
"com.android.browser",
Context.CONTEXT_RESTRICTED)
.getSharedPreferences(
"GLOBAL_PREFS",
Context.MODE_WORLD_READABLE);
but it does not work: the error reads
Couldn't create directory for SharedPreferences file
/data/data/com.android.browser/shared_prefs/GLOBAL_PREFS.xml
So, to recap: I need to store a piece of data (a short string) in some standard location, so that any other app can go there and read it if present, and it should work if at all possible without doing any magic in the AndroidManifest.xml or requesting any permissions.
There probably isn't any perfect answer, so perhaps the best solution is to write to external storage; then so be it. To put things into context, apparently it is trivial to do this on iOS using a keychain, designed to store secure data.
Unfortunately there really isn't a great answer for this that I know of. You've come up with a pretty good outline of your options and the best way may well be with external storage.
Just to throw something out there, I suppose it's possible you could use a flat file with a fixed name and world readable (and possibly writable) permissions. You'd have to then iterate through all applications' directories and check for this known-named file in each folder and attempt to open it.
While this might work theoretically, consider the case where the app that contains the "cookie" is uninstalled. Then you're left cookie-less. You might want to create the cookie in every app, copying over the value of the previous cookies to new cookies.
I haven't actually tried this, but I imagine it should work.
I am building an application where in i want to know which all applications present on the android device have opened/accessed a given file. Can any one help me on this. I have used FileObservor, but it just tells me which all files are opened or accessed. I want to know which application has accessed it.
First, there is no logging, so you would have to catch things as they are happening, before they are finished.
On an ordinary linux you would be able to use the file observer like (inotify) mechanism to find out when a file is accessed, and then go trolling through through /proc/whatever/fd to try to find who is accessing it, if you can do that while they still have it open. But android runs each application as its own userid (excepting allied packages which share), meaning that you lack permission to access this information from another app.
You might be able to accomplish something by holding the data in a content provider rather than putting it in a simple file, as then any access to it would be mediated by your code.
I have one question about Android. I need to run one of my activities only once - at the beggining. So, usually the best solution is to create file which contains flag isFirstRun and check the value after application's start.
But in my application it is very important to protect this file before deleting by user. Even if user has rooted phone he should not be able to change the value or delete this file.
So, is it possible to write this information to any Android system registry or somewhere else where user can't change this value?
No, it is not possible, for a simple reason, a root user have access to everything by definition. It won't make sense to have a program that has more rights than root.
The user can delete all the data your application saves. Consider saving this information on some server.