热门关键字:   网站安全  黑客攻防  安全漏洞  系统安全  网络安全

android安全-数据存储

发布时间:2011-12-08 16:31文章来源:网络文章作者:DODO 点击次数:
摘要:一、android的数据存储方式 android可以使用以下几种方式来存储数据: 1、Shared Preferences 存储私有数据,数据形式为键值对 2、Internal Storage 存储私有数据,数据存储在设备内存中 3、External Storage 存储公共数据,数据存储在外部的共享存储,比如:...

一、android的数据存储方式

android可以使用以下几种方式来存储数据:

1、Shared Preferences

存储私有数据,数据形式为键值对

2、Internal Storage

存储私有数据,数据存储在设备内存中

3、External Storage

存储公共数据,数据存储在外部的共享存储,比如:sdcard

4、SQLite Database

存储私有数据,数据存储在Sqlite数据库中

5、Network Connection

数据存储在服务器

1、2、3、4都是在本地存储,5是在server端存储;1、2、4三种方式的数据存储方式相对安全,3由于数据被共享,则不适合存储敏感数据。

 

二、实例

1、Shared Preferences

SharedPreActivity.java

两个edittext name和phone分别存储姓名和手机,存储文件为info.xml

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
package com.xiaod.SharedPre;
 
import android.app.Activity;
import android.content.SharedPreferences;
import android.os.Bundle;
import android.view.View;
import android.view.View.OnClickListener;
import android.widget.Button;
import android.widget.EditText;
import android.widget.Toast;
 
public class SharedPreActivity extends Activity {
    private EditText et_name;
    private EditText et_phone;
    private Button btn_save;
    private Button btn_read;
    /** Called when the activity is first created. */
    @Override
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.main);
        et_name = (EditText) findViewById(R.id.et_name);
        et_phone = (EditText) findViewById(R.id.et_phone);
        btn_save = (Button) findViewById(R.id.btn_save);
        btn_read = (Button) findViewById(R.id.btn_read);
 
        btn_save.setOnClickListener(new OnClickListener(){
 
            @Override
            public void onClick(View v) {
                // TODO Auto-generated method stub
                if(et_name.getText().toString().equals("") || et_phone.getText().toString().equals(""))
                {
                    Toast.makeText(SharedPreActivity.this, "姓名或电话为空",  Toast.LENGTH_LONG).show();
                }
                else
                {
                    SharedPreferences store = getSharedPreferences("info", 0);
                    SharedPreferences.Editor editor = store.edit();
                    editor.putString("name", et_name.getText().toString());
                    editor.putString("phone", et_phone.getText().toString());
                    editor.commit();
                }
            }
 
        });
 
        btn_read.setOnClickListener(new OnClickListener(){
 
            @Override
            public void onClick(View v) {
                // TODO Auto-generated method stub
                SharedPreferences store = getSharedPreferences("info", 0);
                String name = store.getString("name", null);
                String phone = store.getString("phone", null);
                et_name.setText(name);
                et_phone.setText(phone);
            }
 
        });
    }
}

界面如下:

adb连入shell,查看程序目录,所有者和组都是app_46,所有者和组权限都是7,other是1,也就是说数据目录只允许当前应用访问

shared preferences以xml的形式存储数据

 

2、Internal Storage
IntStorageActivity.java,编辑框用于输入key,按钮保存用于写入文件,读取则读取已保存的文件

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
package com.xiaod.IntStorage;
 
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
 
import android.app.Activity;
import android.content.Context;
import android.os.Bundle;
import android.view.View;
import android.view.View.OnClickListener;
import android.widget.Button;
import android.widget.EditText;
import android.widget.Toast;
 
public class IntStorageActivity extends Activity {
    private EditText et_key;
    private Button btn_save;
    private Button btn_read;
    /** Called when the activity is first created. */
    @Override
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.main);
        et_key = (EditText) findViewById(R.id.et_key);
        btn_save = (Button) findViewById(R.id.btn_save);
        btn_read = (Button) findViewById(R.id.btn_read);
 
        btn_save.setOnClickListener(new OnClickListener(){
 
            @Override
            public void onClick(View v) {
                // TODO Auto-generated method stub
                if(et_key.getText().toString().equals(""))
                {
                    Toast.makeText(IntStorageActivity.this, "KEY为空",  Toast.LENGTH_LONG).show();
                }
                else
                {
                    String FILENAME ="key";
                    String key = et_key.getText().toString();
                    FileOutputStream fos;
                    try {
                        fos = openFileOutput(FILENAME, Context.MODE_PRIVATE);
                        fos.write(key.getBytes());
                        fos.close();
                    } catch (IOException e) {
                        // TODO Auto-generated catch block
                        e.printStackTrace();
                    }
                }
            }
 
        });
 
        btn_read.setOnClickListener(new OnClickListener(){
 
            @Override
            public void onClick(View v) {
                // TODO Auto-generated method stub
                String FILENAME ="key";
                byte key[] = new byte[10];
                FileInputStream fos;
                try {
                    fos = openFileInput(FILENAME);
                    fos.read(key);
                    et_key.setText(new String(key));
                } catch (FileNotFoundException e) {
                    // TODO Auto-generated catch block
                    Toast.makeText(IntStorageActivity.this, "文件不存在",  Toast.LENGTH_LONG).show();
                } catch (IOException e) {
                    // TODO Auto-generated catch block
                    e.printStackTrace();
                }
            }
 
        });
    }
}

界面如下:

输入231,点保存之后,查看设备上文件


所有者和组为app_47,权限660,数据文件只允许当前应用访问

 

3、External Storage
外部存储,一般为sdcard,界面和Internal Storage一致,区别在于存储位置,代码如下

ExtStorageActivity.java

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
package com.xiaod.ExtStorage;
 
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
 
import android.app.Activity;
import android.os.Bundle;
import android.os.Environment;
import android.view.View;
import android.view.View.OnClickListener;
import android.widget.Button;
import android.widget.EditText;
 
public class ExtStorageActivity extends Activity {
    boolean mExternalStorageAvailable = false;
    boolean mExternalStorageWriteable = false;
    private Button btn_read;
    private Button btn_write;
    private EditText et_content;
    private String content;
    String mSDState = Environment.getExternalStorageState();
    /** Called when the activity is first created. */
    @Override
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.main);
        btn_read = (Button)findViewById(R.id.btn_read);
        btn_write = (Button)findViewById(R.id.btn_write);
        et_content = (EditText)findViewById(R.id.et_content);
 
        if (Environment.MEDIA_MOUNTED.equals(mSDState)) {
            // We can read and write the media
            mExternalStorageAvailable = mExternalStorageWriteable = true;
        } else if (Environment.MEDIA_MOUNTED_READ_ONLY.equals(mSDState)) {
            // We can only read the media
            mExternalStorageAvailable = true;
            mExternalStorageWriteable = false;
        } else {
            // Something else is wrong. It may be one of many other states, but all we need
            //  to know is we can neither read nor write
            mExternalStorageAvailable = mExternalStorageWriteable = false;
        }      
 
        btn_write.setOnClickListener(new OnClickListener(){
 
            @Override
            public void onClick(View v) {
                try {
                    WriteToSDcard("key", "ExtStorage", et_content.getText().toString());
                } catch (IOException e) {
                    // TODO Auto-generated catch block
                    e.printStackTrace();
                }
            }
 
        });
 
        btn_read.setOnClickListener(new OnClickListener() {
 
            @Override
            public void onClick(View v) {
                // TODO Auto-generated method stub
                    try {
                        content = ReadFromSDcard("key", "ExtStorage");
                    } catch (IOException e) {
                        // TODO Auto-generated catch block
                        e.printStackTrace();
                    }
                    et_content.setText(content);
            }
        });
    }
 
    public boolean WriteToSDcard(String file, String destDir, String szInText) throws IOException {
        if(mExternalStorageWriteable == true) {
            File mSDPath = android.os.Environment.getExternalStorageDirectory();
            File mDestPath = new File(mSDPath.getAbsoluteFile() + File.separator + destDir);
            File mFile = null;
            if(!mDestPath.exists()) {
                mDestPath.mkdirs();
            }
            mFile = new File(mDestPath + File.separator + file);
            if(!mFile.exists()) {
                try {
                    mFile.createNewFile();
                } catch (IOException e) {
                    // TODO Auto-generated catch block
                    e.printStackTrace();
                }
            }
            FileOutputStream mOutputStream;
            mOutputStream = new FileOutputStream(mFile);
            mOutputStream.write(szInText.getBytes());
            mOutputStream.close();
            return true;
        }
        return false;
    }
 
    public String ReadFromSDcard(String file, String destDir) throws IOException {
        String szOutText = null;
        if(mExternalStorageAvailable == true) {
            File mSDPath = android.os.Environment.getExternalStorageDirectory();
            File mFile = new File(mSDPath.getAbsoluteFile() + File.separator + destDir + File.separator + file);
            if(mFile.exists()) {
                FileInputStream inputStream = new FileInputStream(mFile);
                byte[] buffer = new byte[10];
 
                inputStream.read(buffer);
                inputStream.close();
                szOutText = new String(buffer);
            }
        }
        else
        {
            return "Error: File not Found!";
        }
        return szOutText;
    }
}

界面如下:

查看设备上文件

sdcard卡上所有目录所属组都为sdcard_rw,权限为075,组可以读写,其他用户可读。

文件存储在sdcard上,所有应用都可以读取

 

4、SQLite Database
实例使用android安全-sql injection中代码

查看设备中sqlite db权限

db权限组和用户都属于app_40,权限为660,数据文件只允许当前应用访问

 

 三、数据存储安全性

经过以上实验,总结如下:

Shared Preferences,数据文件只允许当前应用访问,安全性相对较好,适合存储key-value类数据

Internal Storage,数据文件只允许当前应用访问,安全性相对较好,适合存储文件型数据

External Storage,数据文件所有应用可读取,没有安全性,不合适存储敏感数据

SQLite Database,数据文件只允许当前应用访问,安全性相对较好,适合存储在数据库中数据

标签分类:

上一篇:android安全-activity劫持
下一篇:android安全-intent