Since version 1.39.0 the Scanbot SDK for Android uses the internal storage by default. All files generated by the Scanbot SDK (images, PDF files, thumbnails, temp files, etc.) are stored in the application data directory. Using the internal storage provides the following benefits:
- all stored files are accessible by only your app
- does not require storage permission prompts for your users.
For more details about the Android file storage system we highly recommend checking out:
It is strongly recommended to use the internal storage. However, you can override the default storage directory of the Scanbot SDK on initialization.
ScanbotSDKInitializer class provides the method
sdkFilesDirectory(Application application, File sdkFilesDirectory) which allows you to change the default storage directory.
import io.scanbot.sdk.ScanbotSDKInitializer ... // Example for using a sub-folder in the external(!) storage: val customStorageDir = File(getExternalFilesDir(null), "my-custom-storage-dir") customStorageDir.mkdirs() ScanbotSDKInitializer() .sdkFilesDirectory(this, customStorageDir) ... .initialize(this)
When overriding the default storage location, make sure
- you have implemented suitable storage permissions request handling
- the storage directory is available (e.g. unmounted SD card).
By default encryption for image and PDF files is disabled.
The Scanbot SDK provides the ability to encrypt all stored images and PDF files in the SDK app folder.
To accomplish this you have to follow these steps:
- Add the Scanbot SDK Crypto Persistence library to your app dependencies
- Enable files encryption in
ScanbotSDKInitializer() // ... .useFileEncryption(true) .initialize(this)
Default Encryptor implementation uses AndroidX Crypto solution under the hood.
More info can be found here: https://developer.android.com/topic/security/data
The files encryptor uses the
AES256_GCM_HKDF_4KB file encryption scheme. More info can be found here: https://developer.android.com/reference/kotlin/androidx/security/crypto/EncryptedFile.FileEncryptionScheme
security-crypto AndroidX library is still in development and has an Alpha version
Also, Scanbot SDK provides a custom AES based encryption solution
To enable it you have to set it in the SDK initializer in the
.useFileEncryption(true, AESEncryptedImageFileIOProcessor("any_user_password", AESEncryptedFileIOProcessor.AESEncrypterMode.AES256))
AESEncryptedImageFileIOProcessor exposes as public initial salt, iterations count and IV (initialization vector) values and the generated key:
val scanbotSDK = ScanbotSDK(context)val aesEncryptedFileIOProcessor = scanbotSDK.fileIOProcessor() as AESEncryptedFileIOProcessor val generatedKey = aesEncryptedFileIOProcessor.keyval initialSalt = aesEncryptedFileIOProcessor.saltval initialIterationCounts = aesEncryptedFileIOProcessor.iterationCountval initialIV = aesEncryptedFileIOProcessor.initializationVector
AESEncryptedFileIOProcessor does not save the password in secure storage between app sessions, so you have to implement this yourself and reuse it for SDK initialization.
The Scanbot SDK allows setting up a completely custom encryption implementation.
To do this you have to implement the
io.scanbot.sdk.persistence.fileio.FileIOProcessor interface and pass it to the
useFileEncryption(true, your_file_io_processor) method.
An instance of
FileIOProcessor will be available during the app session and the user can use it to read and copy decrypted images, PDF files and
val scanbotSDK = ScanbotSDK(context)val decryptedImageBitmap: Bitmap = scanbotSDK.fileIOProcessor().readImage(source: File, options: BitmapFactory.Options? = null)