# How to apply Android DataSealing

# 1. DataSealing requirement.

  • Supported from AppSealing version 2.23.0.0.
  • DataSealing is currently supported only for Android Native C/C++ (NDK). Therefore, it is not available by default in other frameworks (e.g., Java/Kotlin, Unity, Flutter). Instead, if you are using any plug-in that can work with Native C/C++ in these frameworks, you can apply the DataSealing by following this guide.
  • We plan to increase the service pool of DataSealing by supporting various frameworks through future updates.

# 2. How to apply DataSealing to your project.

DataSealing provides a function that securely encrypts and stores binary file data without additional coding, and allows you to directly read and use the encrypted data.

DataSealing supports native File I/O functions and native AssetManager related functions, and Java File I/O and Java AssetManager related functions will be supported in a future version.

You don’t no need to download an SDK or library to apply DataSealing to your app, and if you follow a few rules, you can apply the existing coding method as it is.

# Applying Assets file encryption

You only need to remember one rule to encrypt your asset files included in your APK. Create a folder named “ASDP” under the “assets” folder and move all asset files you want to encrypt into this folder. Assets in “ASDP” are automatically encrypted when sealing and decrypted automatically when using AssetManager-related native functions in your app.

image1.png

4 asset files are used In the previous example project, my_asset1.bin and my_asset2.dat files added in the ASDP folder will be encrypted at the sealing phase, and my_asset3.bin and my_asset4.dat files added directly under the assets folder will not be encrypted.

These encrypted asset files are automatically decrypted inside AppSealing logic if you use the AssetManager-related native functions in JNI native code. The available AssetManager functions are:

- AAssetManager_open
- AAsset_getBuffer
- AAsset_getLength
- AAsset_getLength64
- AAsset_getRemainingLength
- AAsset_getRemainingLength64
- AAsset_read
- AAsset_seek
- AAsset_seek64
- AAsset_close

Let's see an example code that uses the encrypted “my_asset1.bin” file. (Null check and Error check are omitted)

AAssetManager* am = AAssetManager_fromJava( env, AssetManager );
AAsset* asset = AAssetManager_open( am, "ASDP/my_asset1.bin", AASSET_MODE_UNKNOWN );
int fileSize = AAsset_getLength( asset );
unsigned char* buffer = ( unsigned char* )AAsset_getBuffer( asset );
memcpy( data_buffer, ( const void* )buffer, fileSize );
AAsset_close( asset );

There is nothing different from the legacy code used to read the asset file. When the asset file is read in this way, decryption of asset file data is performed in the AAsset_getBuffer step before the memcpy is executed, and the buffer will contain the original data.

# Support encryption of general binary file

Encryption can also be applied to binary files that are dynamically generated while the app is running. If you add the prefix “ASDP_” in front of the name of the newly created binary file, the encryption & decryption is automatically applied to the process of writing/reading data to/from the file. However, since this encryption/decryption process works only for binary files, the “b” character must be included in the mode parameter used in “fopen” function call. Automatic encryption/decryption does not work when the file is opened with a mode parameter that does not include the “b” character.

The available file I/O functions to handle encrypted binary files are:

- fopen
- fseek
- ftell
- fread
- fwrite
- fclose

Following is the general file creation code. (Null check and Error check are omitted) If the file name starts with “ASDP_”, all data stored in the file is encrypted. In the code below, all 4K bytes of data in the memory buffer named ‘secure_data’ will be encrypted before storing.

FILE* fp = fopen( "/files/ASDP_my_secure_data.bin", "wb" );
int len = fwrite( secure_data, 1, 4096, fp );
fclose( fp );

The same rule applies to reading data from a file. The following is a general file reading code that opens the previously created file in “rb” mode and reads 2K byte data from 1024 offset. The data read in the buffer is automatically decrypted and saved.

FILE* fp = fopen( "/files/ASDP_my_secure_data.bin", "rb");
char buffer[4096] = { 0x00, };
fseek( fp, 1024, SEEK_SET );
int len = fread( buffer, 1, 2048, fp );
fclose( fp );

How to use DataSealing can be summarized as follows.

android_data_sealing_2.png

# 3. How to activate DataSealing at AppSealing Developer Console.

When the DataSealing is applied with the Native_API enabled setting, the following confirmation window is displayed before sealing starts, and if you agree with the content, the DataSealing feature is activated on the app, and sealing is automatically restarted.

en_datasealing_popup.png

# 4. Pricing

If you want to check the pricing model for DataSealing, click here

Last Updated: 4/3/2023, 7:42:28 AM

AppSealing On-Premise Architecture