Internal and external storage security

Under Android the on disk storage is split into two areas: internal storage and external storage.

Often the external storage is physically removable like an SD card, but it need not be. The distinction between internal and external storage is actually about the way access to the files is controlled.

Internal storage

By default any files that your app writes to the internal storage of an Android device are only accessible by your app. This protection is enforced by the Linux kernel through the app sandbox (as described in Week 3), and includes any files created indirectly by SQLite databases etc. If you want to share the content of your files with other apps you should use a Content Provider.

Important: use of the MODE_WORLD_READABLE and MODE_WORLD_WRITEABLE file modes is strongly discouraged as it provides no mechanism by which access can be controlled, and from API level 17, use of these modes has been deprecated. In fact, in Android 7.0 (API level 24) attempting to use these modes will throw a SecurityException. The correct alternative is to use a Content Provider. We will explain how shortly.

External storage

Files created on external storage are world readable and writeable, i.e. any app can read or write to them. Indeed, since external storage can (often) be removed from the device and connected to any other computer, it is not possible to enforce access control for files on external storage.

This means any app that uses external storage should:

  1. Encrypt any sensitive data that it writes to external storage.

  2. Perform input validation on any data that it reads from external storage.

From a security perspective therefore, the best policy is for your app to not use external storage unless it really needs to.

File Providers

The correct way to share files between apps is not to use external storage, or attempt to make files in internal storage world readable and writeable, but instead to use a Content Provider.

A FileProvider is a type of Content Provider specifically created for this purpose.

It provides a content://path URI instead of a file://path URI, and read or write access to the file can be granted to individual apps through URI permissions. This is much more flexible than the traditional approach of using filesystem permissions.

A FileProvider can be configured entirely in XML without writing any code by adding an appropriate <provider> element to the AndroidManifest.xml file.

The Android documentation provides a lot more details on how to specify which files your app can share, and how another app can use the FileProvider to access those files.

Share this article:

This article is from the free online course:

Secure Android App Development

University of Southampton