I need to save private data as a world readable file in order to allow the user to share it with an application of his choice (but not with any else).
I thought I could create a public file into a private subdir, and delete it 5 mins (or so) later.
I could also give the subdir a long hashed name to prevent any kind of name guessing/brutebruteforce.
My questions are:
-
the private dir will be impossible to list, right ?
-
is it possible for any application (on a non-rooted phone) to copy the whole application data to somewhere and thus get the file?
Maybe it’s better to create a content provider for your files and protect it with your permission.
a) Yes, it’s like standard linux file permissions.
b) If the applications do not share the same uid then it is impossible.