add support for isolated shared storage #526
Comments
thestinger added the Type: enhancement label Dec 11, 2016
thestinger changed the title from "protected shared storage" to "isolated shared storage" Dec 16, 2016
thestinger changed the title from "isolated shared storage" to "add support for isolated shared storage" Dec 16, 2016
thestinger added the project label Dec 25, 2016
bunsim commented Jan 27, 2017
This is also important if you have to run untrustworthy applications that don't have suspicious permissions other than shared storage. On stock Android, shady Chinese chat apps I have to use for work can see all my camera photos, downloads, etc., and it's difficult to use my phone under the assumption that shared storage is always compromised. Blocking app access to things like location and microphone typically is handled gracefully, but these apps store things like chat logs in shared storage and thus completely break without access.
You can use multiple user profiles.
bunsim commented Feb 1, 2017
That's a solution, but it would prevent me from getting notifications, etc from the "spyware" user when using my "safe" user profile.
thestinger commented Dec 11, 2016 (edited Dec 16, 2016)
In almost all cases, apps should be avoiding shared storage and using content providers and other sane mechanisms with fine-grained control for sharing data with other apps. However, the reality is that many apps including some in the base system abuse shared storage as the default and often only option for their data. It makes sense for it to be an option, but not the default. Apps should really own and control their own data, with it moved to shared storage only upon request by the user.
This can be worked around by adding isolated shared storage, where apps are really directed towards a subdirectory within shared storage that's only accessible by the assigned app and the built-in file manager. The directory can be named based on the app id and a hash of the public key it's signed with, with it only accessible to that app id + signature along with an exception for the built-in file manager. Users will be able to manage and share the files via the file manager, just as they could before, but otherwise the data will be private and not automatically scanned by the media scanner, etc.
Isolated shared storage can be a per-app toggle with it set as the default for legacy apps. For modern apps, it could potentially be offered as an option in the prompts for requesting access to shared storage. After the user selects allow in the storage access permission prompt, it could be followed up with one asking whether it should be isolated.
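The directory naming and access rule proposed in the issue body, sketched as an added example that is not code from the project. The shared storage root, the `isolated` parent directory, the app ids, the key bytes and the choice of SHA-256 are all assumptions made for illustration.

```python
import hashlib
from pathlib import PurePosixPath

SHARED_ROOT = PurePosixPath("/storage/emulated/0")  # assumed shared storage root
ISOLATED = "isolated"                               # hypothetical parent directory
# Constructed identity for the built-in file manager: (app id, signing key).
FILE_MANAGER = ("com.example.files", b"constructed-platform-key")


def checked_parts(path):
    """Path components with '/' and '.' dropped; '..' is refused outright."""
    parts = [p for p in PurePosixPath(path).parts if p not in ("/", ".")]
    if ".." in parts:
        raise PermissionError(f"path escapes its directory: {path}")
    return parts


def isolated_dir(app_id: str, signing_key: bytes) -> PurePosixPath:
    """Directory named from the app id and a hash of its signing public key."""
    if len(checked_parts(app_id)) != 1:
        raise ValueError("app id must be a single path component")
    digest = hashlib.sha256(signing_key).hexdigest()  # SHA-256 is an assumption
    return SHARED_ROOT / ISOLATED / f"{app_id}-{digest}"


def redirect(app_id: str, signing_key: bytes, requested: str) -> PurePosixPath:
    """Map a shared-storage-relative path into the caller's isolated directory."""
    return isolated_dir(app_id, signing_key).joinpath(*checked_parts(requested))


def may_access(app_id: str, signing_key: bytes, target: str) -> bool:
    """Allow the file manager, or the app id + key that owns the directory."""
    if (app_id, signing_key) == FILE_MANAGER:
        return True
    try:
        path = PurePosixPath("/", *checked_parts(target))
    except PermissionError:
        return False  # a target containing '..' is never inside an owned directory
    own = isolated_dir(app_id, signing_key)
    return path == own or own in path.parents
```

Because the key hash is part of the name, a package that reuses an app id but is signed with a different key resolves to a different directory and fails the ownership check on the original one.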