Encrypting folders for Android applications?
The application I’m using gets all the files from the SD card, but these files are very important and the app should keep them secure. So is there a way to encrypt or lock the folder or directory containing the files with a key, so that only my application can use it?
Please help me, I’m new and stuck at this.
Solution
On Android, anything stored on the SD card is not rights protected, and any application that has access to the SD card can access it (as can anyone who can pull the card out and read it elsewhere). Basically, you need to assume that if you put resources there, anyone can access them. So, you’re right, you want to encrypt these resources so that even with that access, no one can access them.
Android includes extensive support for well-known cryptography. In this case, you need to use symmetric encryption. The current best practice here is to use AES with 256-bit keys, all of which are natively supported in the Android class library. There are plenty of resources on how to do this in the online developer documentation, and Application Security for the Android Platform has a complete list of all the issues you need to consider, with code examples for the entire process. (Disclaimer: I am the author of this book.)
You do need a key to encrypt this data, and you need to keep that key secret (anyone who knows it can decrypt the data). You have two options… (1) require the user to enter a password each time they use the application and then derive the key from that password, or (2) store the password in your application. (2) is dangerous because Android apps can be easily reverse-engineered, and attackers can simply look at your app and find the key. (1) is preferred because there is no key stored for an attacker to recover… The trade-off is that your users need to enter a password to use your app. What you should do here is a function of risk analysis… How important is this data? Do you need to protect it in a strong way, or do you just need to protect it to make things harder for attackers? Depending on your use case and the sensitivity/risk of your data, only you can answer this question.