DroidFS/README.md

# DroidFS
An alternative way to use encrypted virtual filesystems on Android that uses its own internal file explorer instead of mounting volumes.
It currently supports [gocryptfs](https://github.com/rfjakob/gocryptfs) and [CryFS](https://github.com/cryfs/cryfs).

For mortals: Encrypted storage compatible with already existing softwares.

<p align="center">
<img src="https://forge.chapril.org/hardcoresushi/DroidFS/raw/branch/master/fastlane/metadata/android/en-US/images/phoneScreenshots/1.png" height="500">
<img src="https://forge.chapril.org/hardcoresushi/DroidFS/raw/branch/master/fastlane/metadata/android/en-US/images/phoneScreenshots/4.png" height="500">
<img src="https://forge.chapril.org/hardcoresushi/DroidFS/raw/branch/master/fastlane/metadata/android/en-US/images/phoneScreenshots/6.png" height="500">
</p>

# Support
The creator of DroidFS works as a freelance developer and privacy consultant. I am currently looking for new clients! If you are interested, take a look at the [website](https://arkensys.fr.to). Alternatively, you can directly support DroidFS by making a [donation](https://forge.chapril.org/hardcoresushi/DroidFS/src/branch/master/DONATE.txt).

Thank you so much ❤️.

# Disclaimer
DroidFS is provided "as is", without any warranty of any kind.
It shouldn't be considered as an absolute safe way to store files.
DroidFS cannot protect you from screen recording apps, keyloggers, apk backdooring, compromised root accesses, memory dumps etc.
Do not use this app with volumes containing sensitive data unless you know exactly what you are doing.

# Features
- Compatible with original encrypted volume implementations
- Internal support for video, audio, images, text and PDF files
- Built-in camera to take on-the-fly encrypted photos and videos
- Unlocking volumes using fingerprint authentication
- Volume auto-locking when the app goes in background

_For upcoming features, see [TODO.md](https://forge.chapril.org/hardcoresushi/DroidFS/src/branch/master/TODO.md)._

# Unsafe features
Some available features are considered risky and are therefore disabled by default. It is strongly recommended that you read the following documentation if you wish to activate one of these options.

<ul>
  <li><h4>Allow screenshots:</h4>
  Disable the secure flag of DroidFS activities. This will allow you to take screenshots from the app, but will also allow other apps to record the screen while using DroidFS.

  Note: apps with root access don't care about this flag: they can take screenshots or record the screen of any app without any permissions.
  </li>
  <li><h4>Allow exporting files:</h4>
  Decrypt and write file to disk (external storage). Any app with storage permissions could access exported files.
  </li>
  <li><h4>Allow sharing files via the android share menu*:</h4>
  Decrypt and share file with other apps. These apps could save and send the files thus shared.
  </li>
  <li><h4>Allow saving password hash using fingerprint:</h4>
  Generate an AES-256 GCM key in the Android Keystore (protected by fingerprint authentication), then use it to encrypt the volume password hash and store it to the DroidFS internal storage. This require Android v6.0+. If your device is not encrypted, extracting the encryption key with physical access may be possible.
  </li>
  <li><h4>Keep volume open when the app goes in background:</h4>
  Don't close the volume when you leave the app but keep running it in the background. Anyone going back to the activity could have access to the volume.
  </li>
  <li><h4>Allow opening files with other applications*:</h4>
  Decrypt and open file using external apps. These apps could save and send the files thus opened.
  </li>
  <li><h4>Expose open volumes*:</h4>
  Allow open volumes to be browsed in the system file explorer (<a href="https://developer.android.com/guide/topics/providers/document-provider">DocumentProvider</a> API). Encrypted files can then be selected from other applications, potentially with permanent access. This feature requires "*Keep volume open when the app goes in background*" to be enabled.
  </li>
  <li><h4>Grant write access:</h4>
  Files opened with another applications can be modified by them. This applies to both previous unsafe features.
  </li>
</ul>
* These features may require temporarily writing the plain file to disk (DroidFS internal storage). This file can be read by applications with root access or by physical access if your device is not encrypted. For files small enough and on a 3.17+ kernel, DroidFS will try to use memory-only storage using `memfd_create(2)` (can break some apps).

# Download
<a href="https://f-droid.org/packages/sushi.hardcore.droidfs">
	<img src="https://fdroid.gitlab.io/artwork/badge/get-it-on.png" height="75">
</a>

You can download DroidFS from [F-Droid](https://f-droid.org/packages/sushi.hardcore.droidfs) or from the "Releases" section in this repository.

APKs available here are signed with my PGP key available on keyservers:

`gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys AFE384344A45E13A` \
Fingerprint: `B64E FE86 CEE1 D054 F082  1711 AFE3 8434 4A45 E13A` \
Email: `Hardcore Sushi <hardcore.sushi@disroot.org>`

To verify APKs, save the PGP-signed message to a file and run `gpg --verify <the file>`.  __Don't install any APK if the verification fails !__

If the signature is valid, you can compare the SHA256 checksums with:
```
sha256sum <APK file>
```
__Don't install the APK if the checksums don't match!__

F-Droid APKs should be signed with the F-Droid key. More details [here](https://f-droid.org/docs/Release_Channels_and_Signing_Keys).

# Permissions
DroidFS needs some permissions for certain features. However, you are free to deny them if you do not wish to use these features.

<ul>
  <li><h4>Read & write access to shared storage:</h4>
  Required to access volumes located on shared storage.
  </li>
  <li><h4>Biometric/Fingerprint hardware:</h4>
  Required to encrypt/decrypt password hashes using a fingerprint protected key.
  </li>
  <li><h4>Camera:</h4>
  Required to take encrypted photos or videos directly from the app.
  </li>
  <li><h4>Record audio:</h4>
  Required if you want sound on video recorded with DroidFS.
  </li>
</ul>

# Limitations
DroidFS works as a wrapper around modified versions of the original encrypted container implementations ([libgocryptfs](https://forge.chapril.org/hardcoresushi/libgocryptfs) and [libcryfs](https://forge.chapril.org/hardcoresushi/libcryfs)). These programs were designed to run on standard x86 Linux systems: they access the underlying file system with file paths and syscalls. However, on Android, you can't access files from other applications using file paths. Instead, one has to use the [ContentProvider](https://developer.android.com/guide/topics/providers/content-providers) API. Obviously, neither Gocryptfs nor CryFS support this API. As a result, DroidFS cannot open volumes provided by other applications (such as cloud storage clients). If you want to synchronize your volumes on a cloud, the cloud application must synchronize the encrypted directory from disk.

Due to Android's storage restrictions, encrypted volumes located on SD cards must be placed under `/Android/data/sushi.hardcore.droidfs/` if you want DroidFS to be able to modify them.

# Building from source
You can follow the instructions in [BUILD.md](BUILD.md) to build DroidFS from source.

# Third party code
Thanks to these open source projects that DroidFS uses:

### Modified code:
- Encrypted filesystems (to protect your data):
    - [libgocryptfs](https://forge.chapril.org/hardcoresushi/libgocryptfs) (forked from [gocryptfs](https://github.com/rfjakob/gocryptfs))
    - [libcryfs](https://forge.chapril.org/hardcoresushi/libcryfs) (forked from [CryFS](https://github.com/cryfs/cryfs))
- [libpdfviewer](https://forge.chapril.org/hardcoresushi/libpdfviewer) (forked from [PdfViewer](https://github.com/GrapheneOS/PdfViewer)) to open PDF files
- [DoubleTapPlayerView](https://github.com/vkay94/DoubleTapPlayerView) to add double-click controls to the video player
### Borrowed code:
- [MaterialFiles](https://github.com/zhanghai/MaterialFiles) for Kotlin natural sorting implementation
### Libraries:
- [Glide](https://github.com/bumptech/glide) to display pictures
- [ExoPlayer](https://github.com/google/ExoPlayer) to play media files
Inital commit 2020-07-17 16:35:39 +02:00			`# DroidFS`
Update README & fastlane full_description.txt 2023-03-15 18:08:39 +01:00			`An alternative way to use encrypted virtual filesystems on Android that uses its own internal file explorer instead of mounting volumes.`
			`It currently supports [gocryptfs](https://github.com/rfjakob/gocryptfs) and [CryFS](https://github.com/cryfs/cryfs).`

Add ecryptfs & shufflecake in TODO & Update README 2023-04-29 20:21:47 +02:00			`For mortals: Encrypted storage compatible with already existing softwares.`
Illustrating README 2020-07-21 19:14:55 +02:00
			`<p align="center">`
Fixing screenshots in README 2021-04-05 18:56:07 +02:00			`<img src="https://forge.chapril.org/hardcoresushi/DroidFS/raw/branch/master/fastlane/metadata/android/en-US/images/phoneScreenshots/1.png" height="500">`
New screenshots 2023-05-12 20:20:22 +02:00			`<img src="https://forge.chapril.org/hardcoresushi/DroidFS/raw/branch/master/fastlane/metadata/android/en-US/images/phoneScreenshots/4.png" height="500">`
			`<img src="https://forge.chapril.org/hardcoresushi/DroidFS/raw/branch/master/fastlane/metadata/android/en-US/images/phoneScreenshots/6.png" height="500">`
Illustrating README 2020-07-21 19:14:55 +02:00			`</p>`
Inital commit 2020-07-17 16:35:39 +02:00
Add Support section in README 2023-08-15 18:06:39 +02:00			`# Support`
			`The creator of DroidFS works as a freelance developer and privacy consultant. I am currently looking for new clients! If you are interested, take a look at the [website](https://arkensys.fr.to). Alternatively, you can directly support DroidFS by making a [donation](https://forge.chapril.org/hardcoresushi/DroidFS/src/branch/master/DONATE.txt).`

			`Thank you so much ❤️.`

Better build explanation 2022-01-20 13:01:56 +01:00			`# Disclaimer`
Inital commit 2020-07-17 16:35:39 +02:00			`DroidFS is provided "as is", without any warranty of any kind.`
Updating description 2020-09-07 16:32:15 +02:00			`It shouldn't be considered as an absolute safe way to store files.`
Inital commit 2020-07-17 16:35:39 +02:00			`DroidFS cannot protect you from screen recording apps, keyloggers, apk backdooring, compromised root accesses, memory dumps etc.`
			`Do not use this app with volumes containing sensitive data unless you know exactly what you are doing.`

Update README & fastlane full_description.txt 2023-03-15 18:08:39 +01:00			`# Features`
			`- Compatible with original encrypted volume implementations`
			`- Internal support for video, audio, images, text and PDF files`
			`- Built-in camera to take on-the-fly encrypted photos and videos`
			`- Unlocking volumes using fingerprint authentication`
			`- Volume auto-locking when the app goes in background`

Add ecryptfs & shufflecake in TODO & Update README 2023-04-29 20:21:47 +02:00			`_For upcoming features, see [TODO.md](https://forge.chapril.org/hardcoresushi/DroidFS/src/branch/master/TODO.md)._`

Inital commit 2020-07-17 16:35:39 +02:00			`# Unsafe features`
Update README & fastlane full_description.txt 2023-03-15 18:08:39 +01:00			`Some available features are considered risky and are therefore disabled by default. It is strongly recommended that you read the following documentation if you wish to activate one of these options.`
Inital commit 2020-07-17 16:35:39 +02:00
Updating README.md 2020-08-27 12:00:45 +02:00			`<ul>`
			`<li><h4>Allow screenshots:</h4>`
			`Disable the secure flag of DroidFS activities. This will allow you to take screenshots from the app, but will also allow other apps to record the screen while using DroidFS.`
Update README & fastlane full_description.txt 2023-03-15 18:08:39 +01:00
Updating README.md 2020-08-27 12:00:45 +02:00			`Note: apps with root access don't care about this flag: they can take screenshots or record the screen of any app without any permissions.`
			`</li>`
			`<li><h4>Allow exporting files:</h4>`
Updating unsafe features documentation 2020-10-23 13:43:21 +02:00			`Decrypt and write file to disk (external storage). Any app with storage permissions could access exported files.`
Updating README.md 2020-08-27 12:00:45 +02:00			`</li>`
Update README & fastlane full_description.txt 2023-03-15 18:08:39 +01:00			`<li><h4>Allow sharing files via the android share menu*:</h4>`
Updating unsafe features documentation 2020-10-23 13:43:21 +02:00			`Decrypt and share file with other apps. These apps could save and send the files thus shared.`
			`</li>`
Update documentation 2023-09-10 21:01:04 +02:00			`<li><h4>Allow saving password hash using fingerprint:</h4>`
			`Generate an AES-256 GCM key in the Android Keystore (protected by fingerprint authentication), then use it to encrypt the volume password hash and store it to the DroidFS internal storage. This require Android v6.0+. If your device is not encrypted, extracting the encryption key with physical access may be possible.`
			`</li>`
Updating unsafe features documentation 2020-10-23 13:43:21 +02:00			`<li><h4>Keep volume open when the app goes in background:</h4>`
			`Don't close the volume when you leave the app but keep running it in the background. Anyone going back to the activity could have access to the volume.`
Updating README.md 2020-08-27 12:00:45 +02:00			`</li>`
Update documentation 2023-09-10 21:01:04 +02:00			`<li><h4>Allow opening files with other applications*:</h4>`
			`Decrypt and open file using external apps. These apps could save and send the files thus opened.`
			`</li>`
			`<li><h4>Expose open volumes*:</h4>`
DroidFS v2.1.3 2023-09-28 19:36:55 +02:00			`Allow open volumes to be browsed in the system file explorer (<a href="https://developer.android.com/guide/topics/providers/document-provider">DocumentProvider</a> API). Encrypted files can then be selected from other applications, potentially with permanent access. This feature requires "Keep volume open when the app goes in background" to be enabled.`
Update documentation 2023-09-10 21:01:04 +02:00			`</li>`
			`<li><h4>Grant write access:</h4>`
			`Files opened with another applications can be modified by them. This applies to both previous unsafe features.`
Updating README.md 2020-08-27 12:00:45 +02:00			`</li>`
			`</ul>`
Update documentation 2023-09-10 21:01:04 +02:00			* These features may require temporarily writing the plain file to disk (DroidFS internal storage). This file can be read by applications with root access or by physical access if your device is not encrypted. For files small enough and on a 3.17+ kernel, DroidFS will try to use memory-only storage using `memfd_create(2)` (can break some apps).
Inital commit 2020-07-17 16:35:39 +02:00
			`# Download`
Add F-Droid download links in README 2021-06-20 19:18:52 +02:00			`<a href="https://f-droid.org/packages/sushi.hardcore.droidfs">`
			`<img src="https://fdroid.gitlab.io/artwork/badge/get-it-on.png" height="75">`
			`</a>`

CryFS 2022-06-18 21:13:16 +02:00			`You can download DroidFS from [F-Droid](https://f-droid.org/packages/sushi.hardcore.droidfs) or from the "Releases" section in this repository.`
Add F-Droid download links in README 2021-06-20 19:18:52 +02:00
Better build explanation 2022-01-20 13:01:56 +01:00			`APKs available here are signed with my PGP key available on keyservers:`
Updating README: PGP key, removing GitHub & CameraView links 2020-12-20 15:36:05 +01:00
Update PGP key 2022-02-18 17:11:20 +01:00			`gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys AFE384344A45E13A` \
			Fingerprint: `B64E FE86 CEE1 D054 F082 1711 AFE3 8434 4A45 E13A` \
Updating README: PGP key, removing GitHub & CameraView links 2020-12-20 15:36:05 +01:00			Email: `Hardcore Sushi <hardcore.sushi@disroot.org>`

Update README for v1.5.0 2021-06-14 22:14:47 +02:00			To verify APKs, save the PGP-signed message to a file and run `gpg --verify <the file>`. __Don't install any APK if the verification fails !__

			`If the signature is valid, you can compare the SHA256 checksums with:`
			```
			`sha256sum <APK file>`
			```
Add F-Droid download links in README 2021-06-20 19:18:52 +02:00			`__Don't install the APK if the checksums don't match!__`

			`F-Droid APKs should be signed with the F-Droid key. More details [here](https://f-droid.org/docs/Release_Channels_and_Signing_Keys).`
Updating README: PGP key, removing GitHub & CameraView links 2020-12-20 15:36:05 +01:00
			`# Permissions`
Update README & fastlane full_description.txt 2023-03-15 18:08:39 +01:00			`DroidFS needs some permissions for certain features. However, you are free to deny them if you do not wish to use these features.`
Updating README: PGP key, removing GitHub & CameraView links 2020-12-20 15:36:05 +01:00
			`<ul>`
			`<li><h4>Read & write access to shared storage:</h4>`
Update README & fastlane full_description.txt 2023-03-15 18:08:39 +01:00			`Required to access volumes located on shared storage.`
Updating README: PGP key, removing GitHub & CameraView links 2020-12-20 15:36:05 +01:00			`</li>`
			`<li><h4>Biometric/Fingerprint hardware:</h4>`
			`Required to encrypt/decrypt password hashes using a fingerprint protected key.`
			`</li>`
			`<li><h4>Camera:</h4>`
Update README & fastlane full_description.txt 2023-03-15 18:08:39 +01:00			`Required to take encrypted photos or videos directly from the app.`
Use FFmpeg shared libraries & Update build instructions 2021-10-15 10:02:48 +02:00			`</li>`
			`<li><h4>Record audio:</h4>`
			`Required if you want sound on video recorded with DroidFS.`
Updating README: PGP key, removing GitHub & CameraView links 2020-12-20 15:36:05 +01:00			`</li>`
			`</ul>`
Inital commit 2020-07-17 16:35:39 +02:00
Add limitations section in README 2021-06-07 20:29:31 +02:00			`# Limitations`
Update documentation 2023-09-10 21:01:04 +02:00			DroidFS works as a wrapper around modified versions of the original encrypted container implementations ([libgocryptfs](https://forge.chapril.org/hardcoresushi/libgocryptfs) and [libcryfs](https://forge.chapril.org/hardcoresushi/libcryfs)). These programs were designed to run on standard x86 Linux systems: they access the underlying file system with file paths and syscalls. However, on Android, you can't access files from other applications using file paths. Instead, one has to use the [ContentProvider](https://developer.android.com/guide/topics/providers/content-providers) API. Obviously, neither Gocryptfs nor CryFS support this API. As a result, DroidFS cannot open volumes provided by other applications (such as cloud storage clients). If you want to synchronize your volumes on a cloud, the cloud application must synchronize the encrypted directory from disk.
Add limitations section in README 2021-06-07 20:29:31 +02:00
CryFS 2022-06-18 21:13:16 +02:00			Due to Android's storage restrictions, encrypted volumes located on SD cards must be placed under `/Android/data/sushi.hardcore.droidfs/` if you want DroidFS to be able to modify them.
Inital commit 2020-07-17 16:35:39 +02:00
CryFS 2022-06-18 21:13:16 +02:00			`# Building from source`
			`You can follow the instructions in [BUILD.md](BUILD.md) to build DroidFS from source.`
Updating README.md 2020-08-27 12:00:45 +02:00
			`# Third party code`
			`Thanks to these open source projects that DroidFS uses:`

			`### Modified code:`
CryFS 2022-06-18 21:13:16 +02:00			`- Encrypted filesystems (to protect your data):`
			`- [libgocryptfs](https://forge.chapril.org/hardcoresushi/libgocryptfs) (forked from [gocryptfs](https://github.com/rfjakob/gocryptfs))`
			`- [libcryfs](https://forge.chapril.org/hardcoresushi/libcryfs) (forked from [CryFS](https://github.com/cryfs/cryfs))`
Update to libpdfviewer 13 2022-03-26 19:14:48 +01:00			`- [libpdfviewer](https://forge.chapril.org/hardcoresushi/libpdfviewer) (forked from [PdfViewer](https://github.com/GrapheneOS/PdfViewer)) to open PDF files`
DoubleTapPlayerView 2022-01-18 20:18:44 +01:00			`- [DoubleTapPlayerView](https://github.com/vkay94/DoubleTapPlayerView) to add double-click controls to the video player`
Natural file name sorting 2022-01-13 19:23:37 +01:00			`### Borrowed code:`
CryFS 2022-06-18 21:13:16 +02:00			`- [MaterialFiles](https://github.com/zhanghai/MaterialFiles) for Kotlin natural sorting implementation`
Updating README.md 2020-08-27 12:00:45 +02:00			`### Libraries:`
Update README & fastlane full_description.txt 2023-03-15 18:08:39 +01:00			`- [Glide](https://github.com/bumptech/glide) to display pictures`
Updating README.md 2020-08-27 12:00:45 +02:00			`- [ExoPlayer](https://github.com/google/ExoPlayer) to play media files`