A practical guide to securely handling user-uploaded files in Android apps. Covers reading files via URI using a custom RequestBody with OkHttp, encrypting local storage with androidx.security.crypto's EncryptedFile (AES256-GCM), and exposing encrypted files to third-party apps via a custom ContentProvider. Key implementation details include creating ParcelFileDescriptor for encrypted streams using a temp file with auto-delete callback, building correct content URIs, and granting read permissions via Intent flags. Ends with a reflection on whether local encryption is always necessary given Android's app sandbox.
Table of contents
Getting a file from the userSaving in encrypted formatHow a third-party app can safely read your encrypted fileGet Pavel ’s stories in your inboxCreating ParcelFileDescriptorCreating a correct URI for FileDecryptionContentProviderReflection on encryptionSort: