Asked this over at XDA, but no one replied. This post is primarily pertaining to Gmail and Google Drive on Android. Currently when I open a document (pdf, docx, xlsx, etc) from Gmail or Google Drive the files open in Quickoffice as expected (clearly a local copy is being cached SOMEWHERE).
If I choose to make a file available offline in Google Drive it is available in ./sdcard/Android/<something docs>. I do enable offline document encryption (a setting in Drive), so the contents of the file are scrambled and unusable. With Gmail if I save locally it creates the file in ./Downloads/. All of this is fine and expected.
My concern is for the first situation where where the file is opened and cached, but not permanently saved. I cannot find where this is cached locally. I am hoping it is /data/ so other apps have no visibility into this.
The reason I am asking is for security purposes. The inherent design of Android is open due to the ./sdcard/ directory. Obviously any app on my phone can see any file there. Sometimes I have sensitive attachments I don't want exposed in these public directories (as a side note I hate that Chrome downloads are saved publicly with no option to change this). Are Gmail attachments and Google Drive documents cached securely in /data/ where other apps cannot access them when all I do is "preview" and not explicitly download a local copy?
One other question, assuming these documents are cached in /data/<something Gmail/Drive>. My understanding is that in /data/ that an app only has access to its home directory in data, which NO other app can see or access in any way. How then does Quickoffice, Adobe Reader, Gallery, etc access these cached documents from a directory they can't even know exist due to the inherent architecture of Android?
If I choose to make a file available offline in Google Drive it is available in ./sdcard/Android/<something docs>. I do enable offline document encryption (a setting in Drive), so the contents of the file are scrambled and unusable. With Gmail if I save locally it creates the file in ./Downloads/. All of this is fine and expected.
My concern is for the first situation where where the file is opened and cached, but not permanently saved. I cannot find where this is cached locally. I am hoping it is /data/ so other apps have no visibility into this.
The reason I am asking is for security purposes. The inherent design of Android is open due to the ./sdcard/ directory. Obviously any app on my phone can see any file there. Sometimes I have sensitive attachments I don't want exposed in these public directories (as a side note I hate that Chrome downloads are saved publicly with no option to change this). Are Gmail attachments and Google Drive documents cached securely in /data/ where other apps cannot access them when all I do is "preview" and not explicitly download a local copy?
One other question, assuming these documents are cached in /data/<something Gmail/Drive>. My understanding is that in /data/ that an app only has access to its home directory in data, which NO other app can see or access in any way. How then does Quickoffice, Adobe Reader, Gallery, etc access these cached documents from a directory they can't even know exist due to the inherent architecture of Android?
Facebook
Twitter