This question already has an answer here:
Prevent Mp3 file to play in another Media player
(1 answer)
Closed 9 years ago.
I am needing to build an Android application that has music/audio files downloaded from a webservice and ultimately stored on the filesystem for playing within the app, but I need to prevent the user from being able to access and play the files, rooted or not.
My first instinct is to encrypt them before storing to the filesystem, but I'm not sure which encryption algorithms I should be focused on, as well as whether it makes a difference that these are binary files being encrypted vs. plain text files (I'm reading posts about encryption not working correctly for audio files).
Is there a better way to approach this kind of thing? I see a similar question to this has been asked, but it unfortunately has no solid answers:
How can I store music on an android phone without allowing the user to be able to download it and use it?
My apologies if I have overlooked how this can be accomplished. Any advice would be greatly appreciated!
You are asking how to create a DRM system. It is a controversial topic, and there is no direct answer. The site Defective by Design discusses the negative aspects to DRM systems from the perspective of the user.
The answer to your question really depends on how you define "the user". If you mean the average, ordinary user, you could really encrypt the file any way you like. Even something as trivial as XORing the file would work.
However, if the "user" you are talking about is a determined individual with a decent amount of knowledge and technical aptitude, the simple answer is that you can't. It is trivially easy to get the java source out of a .class file so anyone who really wants to get at those files can look at your code to find out how you encrypted it and then reverse engineer it.
Simply put, if your client can read the file, any user who has the client can read the file (with or without using your client).
Related
This question already has answers here:
How to avoid reverse engineering of an APK assets folder resources items file?
(2 answers)
Closed 6 years ago.
I've a question related to Data security in Android development. Right now i am working in an application where i need to keep an existing database in assets folder so App can copy it in to the internal writable location to avoid the large database download from server during first time installation. But unfortunately using APK decompiling tool one can view the files in assets folder included this database file. Is there a way to prevent my assets-files from being decompiled so Data security can be assured in my application. Any help would be highly appreciated. Thanks.
Simple answer is no . there will always be some way where a potential hacker can do it's tricks though you can make it harder by using some 'encryption' schemes mean you can encrypt your data with some special key,then with the key you can encode and decode your data so better place to keep things more secure is nactive libs means you using native(c,c++) code which should contain your sensitive data and generate libs, by doing this you are adding an another layer of encryption because reverse engineered native form of native libs are quite hard to read.
My app picks up the GPS location of the user every 5 minutes, saves it and then sends it to a server.
The problem I'm facing is I need the data stored on the android SD card to be Crypted so no one except me on the server can access it. Also I need to think of a way to make sure that no-one has edited the data except me.
For the last I've thought writing the MD5 checksum of the file each time I close it so when the app opens the file it checkes the MD5 to see if they match.
The problem with this is I think it'll waste resources and battery as I'm already checking for the GPS location every 5 minutes.
Any ideas would be appreciated as for crypting data I've been unable to find the most secure way
Thanks!!!
EDIT: I've already checked subjects on cryptography but everything seems so think that it's vulnerable to anyone with a little time, that's why I'm asking!
You should store your data using Sqlite with SqlCipher:
http://sqlcipher.net/sqlcipher-for-android/
As you say, there is no way to completely prevent the data from being viewed/edited by a determined attacker, as you will have to expose your encryption key either in the program code or a save file somewhere on the system.
However no homegrown solution you or I could write would be any better, this is just the nature of the hardware/OS.
If you want the data safe from reading, I suggest you delete it after transmitting to the server.
Aside, if you're checking GPS every 5 minutes, there is hardly anything you could do that would be a noticeable battery drain compared to that.
I want to record audio and save to my server as mp3 files, i googled and find like this
But it is not free and open source
How can i record audio as mp3 in java and php ?
In terms of Java, you could record with standard Java sound and then use something like lameonj to do the mp3 encoding - all free tools!
This question is the same as yours and the person was able to come up with a solution (which he posted as an answer).
A little additional information. It is possible to record sound in an applet. See this page for information on Java Sound and applets. You'll need to sign your applet, which isn't hard to do. The answer to question 5 doesn't mention this but you can create your own (untrusted) certificate with which to do the signing. This question here on SO has some information on self-signing code.
I solved my problem, I used lame library to encode mp3, If you want to pure code to encode mp3, you can use this
Its using java based lame library
I'm currently developing an application for a company which includes livescoring. The XML-files I access (from the net like: "http://company.com/files/xml/livescoring.xml") are not intended to be public and should only known to me.
I was wondering if it is possible for anyone to decode the .apk file and read my original .java files (which include the link to the XML files).
So, I renamed the .apk file to .zip and could access the "classes.dex", which seemed to include the .java files (or classes). Googling led me to a tool named "AvaBoxV2" which decoded this "classes.dex" file. Now I have a folder including an "out" folder where files named .smali exist. I opend one of these with an editor and finally there is the link to the xml file. Not good. :(
Is there a way to encrypt my app or the classes.dex file? I don't want to tell that company, that anyone can access the original xml-files. Maybe signing the app probably helps?
Also, do you know a really noob-friendly tutorial to prepare apps (signing, versioning,...) for Google Market?
Thanks in advance!
The .java source code is not included in the APK.
It is possible to disassemble the Dalvik bytecode into bytecode mnemonics using a tool like baksmali, but there's no way a user can recover the original .java source.
Furthermore, you can use a tool like proguard (included in the Android SDK) to obfuscate your byte code, making it hard to interpret the behavior of the disassembled bytecode.
You can make small tricks too, like storing the link string in some sort of obfuscated form, and then de-obfuscating it at run-time in your app (a simple example would be to use base 64 encoding, but someone could probably reverse that quickly if they wanted to).
That said, it's pretty trivial for someone to run tcpdump and sniff the network traffic between your device and the server, and get the URL that way, so there's no way to completely prevent anyone from getting this value.
Yeah, its impossible to fully prevent something like this. Its the same on a desktop application, or any other application.
As mentioned, obfuscation will help, but people who are persistent can still get past it. Especially for something like a url like that.
One solution of making it much more tricky for hackers is to use PHP on your webserver and some sort of token system to determine if the request is coming from your app or not... That would get a bit tricky though, so I don't really suggest it.
This question already has answers here:
How to create my own file extension like .odt or .doc? [closed]
(3 answers)
Closed 8 years ago.
I'm on my way in developing a desktop application using netbeans(Java Dextop Application) and I need to implement my own file format which is specific to that application only. I'm quite uncertain as to how should I go about first.What code should I use so that my java application read that file and open it in a way as I want it to be.
If it's character data, use Reader/Writer. If it's binary data, use InputStream/OutputStream. That's it. They are available in several flavors, like BufferdReader which eases reading a text file line by line and so on.
They're part of the Java IO API. Start learning it here: Java IO tutorial.
By the way, Java at its own really doesn't care about the file extension or format. It's the code logic which you need to write to handle each character or byte of the file according to some file format specification (which you in turn have to writeup first if you'd like to invent one yourself).
I am not sure this directly addresses your question, but since you mentioned a custom file format, it is worth noting that applications launched using Java Web Start can declare a file association. If the user double clicks one of those file types, the file name will be passed to the main(String[]) of the app.
This ability is used in the File Service demo. of the JNLP API - available at my site.
As to the exact format of the file & the best ways to load and save it, there are a large number of possibilities that can be narrowed down with more details of the information it contains.
Choosing a new/existing file extension does not affect your application (or in any case anyone's). It is upto the programmer what files he wants his app to read.
For example, you may consider you can't read a pdf or doc directly as a text file....but that is not because they are written/ stored differently, but because they have headers or characters which your app does not understand. So we might use a plugin or extension which understands those added headers ( or rather the grammar of the pdf /doc file) removes them & lets our app know what text (or anything else) it contains.
So if you wish to incorporate your own extension, & specifically want no other application to be able to read it, just write the text in a way that only your program is able to understand. Though writing a file in binary pretty much ensures that your file is not read directly just by user opening a file, but it is however still possible to read from it, if it is merely collection of raw characters.
If you ask code for hiding a data, I'd say there are plenty of algorithms you might use, which usually get tagged as encryptions cause you are basically trying to lock/hide your stuff. So if you do not really care for the big hulla-bulla, simply trying to keep a file from being directly read & successful attempts to read the file does not cause any harm to your application, write it in binary.