Open file securely with an external Android application without copying the file onto the external storage

Question

I'm doing a secure application, where an user can browse some file and open them with application presents on the phone. So for now, my application is really secure, files are well encrypted, but I have one MAJOR break. Indeed, I'm using my application to open the user secure files which are of different types (pdf, doc, txt, jpg, ...) so I'm using the external application presents on the user phone to open them. But my issue is here, because to let another application to open these files, I need to provide an Android storage location to the application that I want to use.

Here is the code that I'm using right now:

Intent intent = new Intent();
intent.setAction(android.content.Intent.ACTION_VIEW);
File fileToOpen = new File(activity.getExternalCacheDir().getAbsolutePath() + 
    "/" + fileName);

MimeTypeMap mime = MimeTypeMap.getSingleton();
String extension = fileToOpen.getName().substring(
        fileToOpen.getName().lastIndexOf(".") + 1);
String type = mime.getMimeTypeFromExtension(extension);
intent.setAction(Intent.ACTION_VIEW);

intent.setDataAndType(Uri.fromFile(fileToOpen), type);

Manager.getActivity().startActivityForResult(intent,
        ExplorerActivity.FILE_CLOSED_SUCCESSFULLY);

So, as you can see in my code, I need to store my real file into the cache directory to open it, so if a thief has an access to the user phone, it can open real files presents into this directory so my application is not secure anymore. Of course I'm deleting this plain file right after the user has closed it and I have encrypted it, but the deletion doesn't mean that the file is totally deleted from the phone. Before deletion, I'm rewriting with some null byte but it's not enough for a secure deltion of this file.

So now, what I want from you it's an idea to achieve what I want to do: open a file without storing it into the Android hard storage.

Here are some leads that I had:

• Open the file with my own app (but it's a lot to implement because there are too many types of files, and I really don't like to develop something which exists already)
• Find a solution to open the file without storing it externally of my application (What I mean is to open the file directly with the byte array of this file)
• Store the file into the phone RAM (I don't know if it is possible)

So this is a non-exhaustive list and any other suggestion will be appreciated. And if you can provide any help about one of the solution that I have proposed, please don't hesitate. Don't hesitate also to tell me if one of my ideas are completely impossible or wrong.

Answer 1

Have you tried your own contentProvider which overrides openFile , so files that are private to your app are opened by you and you return filedescriptor which is accessible to other apps