add support for isolated shared storage #526

Open
thestinger opened this Issue Dec 11, 2016 · 3 comments

thestinger commented Dec 11, 2016

In almost all cases, apps should be avoiding shared storage and using content providers and other sane mechanisms with fine-grained control for sharing data with other apps. However, the reality is that many apps including some in the base system abuse shared storage as the default and often only option for their data. It makes sense for it to be an option, but not the default. Apps should really own and control their own data, with it moved to shared storage only upon request by the user.

This can be worked around by adding isolated shared storage, where apps are really directed towards a subdirectory within shared storage that's only accessible by the assigned app and the built-in file manager. The directory can be named based on the app id and a hash of the public key it's signed with, with it only accessible to that app id + signature along with an exception for the built-in file manager. Users will be able to manage and share the files via the file manager, just as they could before, but otherwise the data will be private and not automatically scanned by the media scanner, etc.

Isolated shared storage can be a per-app toggle with it set as the default for legacy apps. For modern apps, it could potentially be offered as an option in the prompts for requesting access to shared storage. After the user selects allow in the storage access permission prompt, it could be followed up with one asking whether it should be isolated.
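As an added illustration of the naming and access rule proposed above (this is not code from the issue or from the project), the Python model below derives an app's isolated directory from its package id plus a hash of its signing certificate, and then evaluates access requests against the per-app toggle. The shared-storage root, the `Android/isolated/<package>-<hash>` layout, the file manager identity and all certificate bytes are assumptions constructed for the example.

```python
import hashlib
import posixpath
from dataclasses import dataclass

# Assumed layout for the example: the shared-storage root and an
# "Android/isolated" subtree holding one directory per (app id, signing key).
SHARED_ROOT = "/storage/emulated/0"
ISOLATED_ROOT = posixpath.join(SHARED_ROOT, "Android", "isolated")


@dataclass(frozen=True)
class AppIdentity:
    """An app is its package id together with its signing certificate, so a
    differently signed app reusing the same package id is a different identity."""
    package: str
    signing_cert: bytes  # DER bytes of the signing certificate (constructed samples below)


# Hypothetical built-in file manager; a real id would come from the platform build.
FILE_MANAGER = AppIdentity("com.example.filemanager", b"constructed-file-manager-cert")


def cert_fingerprint(cert: bytes, hex_len: int = 16) -> str:
    """Hash of the signing certificate, truncated to keep directory names short."""
    return hashlib.sha256(cert).hexdigest()[:hex_len]


def isolated_dir(app: AppIdentity) -> str:
    """The directory name binds the package id to its signing key, as proposed above."""
    return posixpath.join(ISOLATED_ROOT, f"{app.package}-{cert_fingerprint(app.signing_cert)}")


def _is_within(path: str, directory: str) -> bool:
    return path == directory or path.startswith(directory + "/")


def may_access(caller: AppIdentity, path: str, isolated_apps: frozenset,
               file_manager: AppIdentity = FILE_MANAGER) -> bool:
    """Decide whether `caller` may touch `path`.

    `isolated_apps` holds the package ids whose isolation toggle is on. Rules, in order:
      1. the built-in file manager (matched by package AND signature) sees everything;
      2. an app always reaches its own isolated directory;
      3. nobody else reaches any isolated directory;
      4. outside the isolated tree, access depends on the caller's toggle.
    """
    path = posixpath.normpath(path)  # so "../" cannot walk out of a directory
    if caller == file_manager:
        return True
    if _is_within(path, isolated_dir(caller)):
        return True
    if _is_within(path, ISOLATED_ROOT):
        return False
    return caller.package not in isolated_apps


# Constructed sample identities: a chat app, a gallery app, and an impostor that
# reuses the chat app's package id but is signed with a different key.
CHAT = AppIdentity("com.example.chat", b"constructed-cert-chat")
GALLERY = AppIdentity("com.example.gallery", b"constructed-cert-gallery")
IMPOSTOR = AppIdentity("com.example.chat", b"constructed-cert-other")
ISOLATED = frozenset({CHAT.package})  # only the chat app's toggle is on


def demo() -> dict:
    """Outcome of a few representative access requests."""
    photo = posixpath.join(SHARED_ROOT, "DCIM", "IMG_0001.jpg")
    chat_log = posixpath.join(isolated_dir(CHAT), "chatlog.db")
    escape = isolated_dir(CHAT) + "/../../../DCIM/IMG_0001.jpg"
    return {
        "chat_own_dir": may_access(CHAT, chat_log, ISOLATED),
        "chat_sees_photos": may_access(CHAT, photo, ISOLATED),
        "gallery_sees_photos": may_access(GALLERY, photo, ISOLATED),
        "gallery_reads_chat_log": may_access(GALLERY, chat_log, ISOLATED),
        "impostor_reads_chat_log": may_access(IMPOSTOR, chat_log, ISOLATED),
        "traversal_out_of_own_dir": may_access(CHAT, escape, ISOLATED),
        "file_manager_reads_chat_log": may_access(FILE_MANAGER, chat_log, ISOLATED),
    }


if __name__ == "__main__":
    for request, allowed in demo().items():
        print(f"{request}: {'allowed' if allowed else 'denied'}")
```

The point the model makes explicit is that identity is package id plus signing key: an app signed with another key that claims the same package id lands in a different directory and is denied the original's data, while a legacy app with the toggle off keeps ordinary shared-storage access and still cannot read into any isolated directory.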

@thestinger thestinger changed the title from protected shared storage to isolated shared storage Dec 16, 2016

@thestinger thestinger changed the title from isolated shared storage to add support for isolated shared storage Dec 16, 2016

@thestinger thestinger added the project label Dec 25, 2016

bunsim commented Jan 27, 2017

This is also important if you have to run untrustworthy applications that don't have suspicious permissions other than shared storage. On stock Android, shady Chinese chat apps I have to use for work can see all my camera photos, downloads, etc., and it's difficult to use my phone under the assumption that shared storage is always compromised. Blocking app access to things like location and microphone typically is handled gracefully, but these apps store things like chat logs in shared storage and thus completely break without access.

thestinger commented Jan 30, 2017

You can use multiple user profiles.

bunsim commented Feb 1, 2017

That's a solution, but it would prevent me from getting notifications, etc. from the "spyware" user when using my "safe" user profile.