Skip to main content

Storage and Encryption | Android Document Scanner


Since version 1.39.0 the Scanbot SDK for Android uses the internal storage by default. All files generated by the Scanbot SDK (images, PDF files, thumbnails, temp files, etc.) are stored in the application data directory. Using the internal storage provides the following benefits:

  • all stored files are accessible by only your app
  • does not require storage permission prompts for your users.

For more details about the Android file storage system we highly recommend checking out:

Change the default storage directory

It is strongly recommended to use the internal storage. However, you can override the default storage directory of the Scanbot SDK on initialization. The ScanbotSDKInitializer class provides the method sdkFilesDirectory(Application application, File sdkFilesDirectory) which allows you to change the default storage directory.


import io.scanbot.sdk.ScanbotSDKInitializer


// Example for using a sub-folder in the external(!) storage:
val customStorageDir = File(getExternalFilesDir(null), "my-custom-storage-dir")

.sdkFilesDirectory(this, customStorageDir)

When overriding the default storage location, make sure

  • you have implemented suitable storage permissions request handling
  • the storage directory is available (e.g. unmounted SD card).

Storage encryption


Please note Encryption is not enabled by default.

The Scanbot SDK provides the ability to encrypt all stored images and PDF files in the SDK app folder.

To accomplish this you have to follow these steps:

  1. Add the Scanbot SDK Crypto Persistence library to your app dependencies
  1. Enable files encryption in ScanbotSDKInitializer
// ...

The default Encryptor implementation uses the AndroidX Crypto solution under the hood (more info can be found here).

The files encryptor uses the AES256_GCM_HKDF_4KB file encryption scheme (more info can be found here).


security-crypto AndroidX library is still in development and has an Alpha version

Additionally, the Scanbot SDK provides a custom AES based encryption solution io.scanbot.sdk.persistence.fileio.AESEncryptedFileIOProcessor. To enable it you have to set it in the SDK initializer in the useFileEncryption() method:

.useFileEncryption(true, AESEncryptedImageFileIOProcessor("any_user_password", AESEncryptedFileIOProcessor.AESEncrypterMode.AES256))

AESEncryptedImageFileIOProcessor publicly exposes initial salt, iterations count and IV (initialization vector) values and the generated key:

val scanbotSDK = ScanbotSDK(context)
val aesEncryptedFileIOProcessor = scanbotSDK.fileIOProcessor() as AESEncryptedFileIOProcessor

val generatedKey = aesEncryptedFileIOProcessor.key
val initialSalt = aesEncryptedFileIOProcessor.salt
val initialIterationCounts = aesEncryptedFileIOProcessor.iterationCount
val initialIV = aesEncryptedFileIOProcessor.initializationVector

AESEncryptedFileIOProcessor does not save the password in secure storage between app sessions, so you have to implement this yourself and reuse it for SDK initialization.

The Scanbot SDK allows setting up a completely custom encryption implementation. To do this you have to implement the io.scanbot.sdk.persistence.fileio.FileIOProcessor interface and pass it to the useFileEncryption(true, your_file_io_processor) method.

An instance of FileIOProcessor will be available during the app session and the user can use it to read and copy decrypted images, PDF files and Bitmaps. For example:

val scanbotSDK = ScanbotSDK(context)
val decryptedImageBitmap: Bitmap = scanbotSDK.fileIOProcessor().readImage(source: File, options: BitmapFactory.Options? = null)

Want to scan longer than one minute?

Generate a free trial license to test the Scanbot SDK thoroughly.

Get your free Trial License

What do you think of this documentation?