Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update 0x05d-Testing-Data-Storage: Internal Storage, External Storage incl. Scoped Storage, APIs and permissions #3179

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Update 0x05d-Testing-Data-Storage: Internal Storage, External Storage incl. Scoped Storage, APIs and permissions #3179

wants to merge 3 commits into from

Conversation

cpholguera
Copy link
Collaborator

This pull request updates Document/0x05d-Testing-Data-Storage.md file, focusing on improving the guidance for handling data storage on Android. The changes include replacing Java examples with Kotlin, expanding on internal and external storage security practices, and updating information on scoped storage and related permissions.

Key changes:

Internal Storage:

  • Replaced Java code snippet with a Kotlin example for storing sensitive information in internal storage.
  • Added guidelines to ensure proper file access modes and referenced Android Security Guidelines.

External Storage:

  • Expanded the section on external storage to include risks, security guidelines, and best practices.
  • Detailed the use of scoped storage, including how to opt-out and permissions required for accessing media files.
  • Provided examples of querying the MediaStore and handling permissions for accessing external storage.

MediaStore API:

  • Introduced the MediaStore API section, explaining how to interact with media and non-media files and the permissions required for different Android versions.

Manifest Permissions:

  • Updated and detailed the permissions required for accessing external storage, including READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE, and MANAGE_EXTERNAL_STORAGE.
  • Explained the new permissions READ_MEDIA_IMAGES, READ_MEDIA_VIDEO, and READ_MEDIA_AUDIO introduced in Android 13.

@cpholguera cpholguera requested a review from serek8 February 24, 2025 10:55
@cpholguera cpholguera requested a review from sushi2k February 28, 2025 08:53
serek8
serek8 approved these changes Feb 28, 2025
View reviewed changes
Copy link
Collaborator

@serek8 serek8 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I left only one optional suggestion

Document/0x05d-Testing-Data-Storage.md
>
> If the user uninstalls and reinstalls your app, however, you must request [READ_EXTERNAL_STORAGE](https://developer.android.com/reference/android/Manifest.permission#READ_EXTERNAL_STORAGE) to access the files that your app originally created. This permission request is required because the system considers the file to be attributed to the previously installed version of the app, rather than the newly installed one.

For example, trying to access a file stored using the `MediaStore` API with a `content://` URI like `content://media/external_primary` would only work as long as the image _belongs_ to the invoking app (due to `owner_package_name` attribute in the `MediaStore`). If the app calls a `content://` URI that does not belong to the app, it will fail with a `SecurityException`:
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good example. I can't tell for Android devs but wouldn't an example with getExternalFilesDir be easier here?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please post a suggestion with that case as well, we can have both but wanted to definitely highlight this

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wanted to suggest the following:

Suggested change
For example, trying to access a file stored using the `MediaStore` API with a `content://` URI like `content://media/external_primary` would only work as long as the image _belongs_ to the invoking app (due to `owner_package_name` attribute in the `MediaStore`). If the app calls a `content://` URI that does not belong to the app, it will fail with a `SecurityException`:
For example, if you create a file within the external storage in the following way:
```kotlin
val path = Environment.getExternalStoragePublicDirectory(Environment.DIRECTORY_PICTURES);
val file = File(path, "image.jpg");
FileOutputStream(file).use {
bitmap.compress(Bitmap.CompressFormat.JPEG, 100, it)
}
Accessing this image would only work as long as the image belongs to the invoking app.

But now when I think of it, the app would require WRITE_EXTERNAL_STORAGE, which isn't possible anymore. I believe that the current example fits just right.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@serek8 serek8 serek8 approved these changes

@sushi2k sushi2k Awaiting requested review from sushi2k

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
Android MASVS-STORAGE
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@cpholguera @serek8