Vault: an advanced Storage Access Framework example

Vault: an advanced Storage Access Framework example

Recently, I’ve been working on the new Android Storage Access Framework which introduces an abstraction layer between apps that work with files and apps that can store those files. This is powerful because apps like QuickOffice can now use simple intents to open and save documents using any storage app that implements a DocumentsProvider.  The DocumentsProvider API is designed to support a wide range of storage types, including cloud storage, physical media, etc.

https://developer.android.com/guide/topics/providers/document-provider.html

As an advanced DocumentsProvider example, I wrote “Vault” which encrypts all files that a user saves inside.  It keeps data encrypted with AES-128 while at rest, and uses Unix pipes to encrypt/decrypt data on the fly.  It protects the encryption key by wrapping it using a hardware-backed KeyStore, if available.  It also uses a new feature of ParcelFileDescriptor to detect when a remote process has encountered an error or crashed, indicating that any partially written data should be ignored and rolled back.

https://android.googlesource.com/platform/development/+/master/samples/Vault/

Hopefully this advanced example is helpful as you look at implementing your own DocumentsProvider.  :)