Data Security - files only available for my App

Hi there!,

I want to have my files only available for my app and avoid any other 3rd party app or the user to get them by connecting the phone to the PC via USB cable, where should I put the files?, assets or ASD?.

I'm testing this and using Total commader on Android 7 I could access to all the files in /storage/emulated/0/Android/date/appinventor... , and it seems I can't on Android 10, so I would like to get an opinion on this topic so I can start explore that path.

Thanks!.

If you only need to read the files, you can store them in the assets. You can't write asset files, but I doubt other apps have access to them.

If you need to read and write the files, store them in the ASD. Reading the ASD of other apps cannot be achieved with the File component, but can be achieved with SAF.

1 Like

Put them in internal storage.
/data/data/<package_name>/files/

You can.
Total Commander works in Android 13 as usual.

1 Like

Hi vknow360,

I have done some tests on Android 7:

Test 1) Uploaded the files to assets, compiled and installed the app: Using the Total Commander I can not get access to the assets. Good, but it has some disadvantages.

Test 2) Defined a web component to download the files, compiled and installed the app: Using the Total Commander I can get access to the files under /storage/emulated/0/Android/data/appinventor.ai_myusername.AppName/files

Test 3) Defined a web component to download a ZIP file which will be unzipped using Taifun's ZIP extension and then delete the ZIP file, so I compiled and installed the app: Using Total Commander I can get access to the files under /storage/emulated/0/Android/data/appinventor.ai_myusername.AppName/filesFTP

Since I have almost 100 files which occupies more than 200MB in total I understand that uploading these to the assets is not an option.

I can not test this with Android 10 since Total Commander is allowing me to access to just to storage/emulated/0/Android/data/

Am I missing something?, I just want to have my files available for my App and not avaible for any other 3rd party app nor the user via USB connection.

Thanks for any hint,
Diego.

Hi, forgot to mention you in the previous post.

Hi Gordon,

Unfortunatelly I have almost 100 files with a size of 200MB in total, I think I can not upload them to asset due to the APK file size.

/storage/emulated/0/ and /data/data/ are different dirs.
You are using first one which is accessible.

Encrypt your data and get the decryption key in the app from an online source.

Download the files to the PrivateDir (→ internal storage):

/data/user/0/<packageName>/files/

This (like the assets) can only be accessed with a rooted device.
See also here: https://community.appinventor.mit.edu/t/some-basics-on-android-storage-system/

Thanks, I made a test using you suggestion with the following blocks using the absolute path file:///data/data:

Compiled the app, installed it on Android 7 but I can still access to the file with Total Commander since it seems to be downloaded to:

/storage/emulated/0/Android/data/appinventor.ai_UserName.AppName/files/file:/data/data/AI2/

Am I missing something?

you are using file scope App... try file scope Private
see also Storage

Below we briefly describe each scope type:

  • App: Files will be read from and written to app-specific storage on Android 2.2 and higher. On earlier versions of Android, files will be written to legacy storage.
  • Asset: Files will be read from the app assets. It is an error to attempt to write to app assets as they are contained in read-only storage.
  • Cache: Files will be read from and written to the app’s cache directory. Cache is useful for temporary files that can be recreated as it allows the user to clear temporary files to get back storage space.
  • Legacy: Files will be read from and written to the file system using the App Inventor rules prior to release nb187. That is, file names starting with a single / will be read from and written to the root of the external storage directory, e.g., /sdcard/. Legacy functionality will not work on Android 11 or later.
  • Private: Files will be read from and written to the app’s private directory. Use this scope to store information that shouldn’t be visible to other applications, such as file management apps.
  • Shared: Files will be read from and written to the device’s shared media directories, such as Pictures.

Taifun

Read my post and try what I suggested.

Hi Taifun,

I changed the FileScope from App to Private:

Deleted the files, compiled, and installed the new apk but the file is still under:

/storage/emulated/0/Android/data/appinventor.ai_UserName.AppName/files/file:/data/data/AI2/

(I made sure to delete it before installing the new apk)

Then I also changed App scope to Private in the App settings, compliled, installed it but:

  1. The logo.png is not stored in the folder from previous tests (good, but...)
  2. Notifier says 'YES' (good, but...)
  3. The image1 picture component is not displayed (it did it in the test before)
  4. The image2 picture component is not displayed (never did it, perhaps another problem)
  5. Label1 mentions /data/user/0/appinventor.ai_MyUser.AppName/files/file:/data/data/AI2/logo.png

Thanks for any hint!

if you want the web component to store something in the private storage, then you have to set the default file scope in the Screen1 properties also to Private

the correct path to the app's private directory would be as @Anke mentioned

there is no such path as file:///data/data/AI2...

I never tried this myself, so probably only the filename is required (in your case googlelogo.gif), because the path will be added automatically after setting the correct default file scope and file scope
just try the 3 different variants and let us know what you find out

Taifun

Hi Anke,

Yes, I'm trying to understand how to accomplish that (still learning about this topic), I will do some tests and report the results.

Yes, I did it and reported the results in previous post, they were not good, will keep testing.

Hi Anke,

I'm trying to understand how to accomplish that, in the post you mention it says without any slash, if I understood it properly then these are the results:

  1. DefaultAppScope: App & FileScope: Private: File is accesible
  2. DefaultAppScope: Private & FileScope: Private: File is not accesible

On second test:

  1. None of the pictures are displayed
  2. I can't find the file in the filesystem
  3. Notifier says TRUE
  4. Label1 shows: /data/user/0/appinventor.ai_MyUser.AppName/files/logo.png

Please let me know if the test was correct.

Uploaded the AIA file just in case I'm missing something else in the settings.

DownloadPIC.aia (2.6 KB)

Looks good
To display the picture try the full path, which starts with file:///data/...

Taifun

Tried with the following:

None of the images were displayed, Label1 shows: /data/user/0/appinventor.ai_MyUser.AppName/files/logo.png