I am developing an application for Android 2.2 that lets the user purchase and download images from web server.Once he downloads these images, only this application should be able to view these images. One of the possible way I could think of was to encrypt and save the images in the SD card.
But,my concern is that, even after encryption, these files will be visible for file explorer applications(which can delete/rename/move the files). Is it possible to store these files in SD card in such a way that, it is not visible to other applications?
There is a forward locking functionality in BlackBerry(http://www.blackberry.com/developers/docs/4.5.0api/net/rim/device/api/io/file/ExtendedFileConnection.html.Once) the file is saved onto sd card using this method, it will be visible only to the corresponding application and device.Is there something like that for android?
Will it be advisable to store the images in sqlite database.The database file is not visible to other apps in the phone.(PS: There will be large number of images)
Is it possible to save the image files as .asec files. Is there any api that convert a file to .asec format?I understand .asec files won’t be shown by File explorers.
Please could you direct me or suggest an ideal solution for this scenario.
There is a solution to store the data on the SD-Card in a way that makes it impossible to see the files in an on device file viewer on a non rooted phone.
The solution is to save the data in your apps data folder and activate the automatic location choosing for your app in the manifest. This lets the user choose where to save the app external or internal and all the images are inside the private folder that is owned by the app.
There is only one drawback. The user can delete all files through the app manager. She will be warned that this will may break the app but if there is no way to redownload images the user will loose all purchased items if the app gets deleted or the user decides it would be a good thing to delete the app data.
On a rooted phone however the images can be copied away from the private folder. Therefore you should think about encrypting the image in some way. Encrypting however is not that easy because the user can always try to extract the encryption key from your sourcecode or network traffic.