Encrypted overlay filesystems implementation for Android.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
Hardcore Sushi 73189d9d32 Hidden volume warning 11 months ago
Screenshots Updating README.md 1 year ago
app Hidden volume warning 11 months ago
fastlane/metadata/android/en-US Adding fastlane 12 months ago
gradle/wrapper Updating to gradle 6.6.1 1 year ago
.gitignore Inital commit 1 year ago
LICENSE.txt Inital commit 1 year ago
README.md Updating unsafe features documentation 11 months ago
build.gradle Switching to androix.biometric 11 months ago
gradle.properties Inital commit 1 year ago
gradlew Updating to gradle 6.6.1 1 year ago
gradlew.bat Updating to gradle 6.6.1 1 year ago
settings.gradle Inital commit 1 year ago

README.md

DroidFS

DroidFS is an alternative way to use encrypted overlay filesystems on Android that uses its own internal file explorer instead of mounting virtual volumes. It currently only works with gocryptfs but support for CryFS is expected to be added soon.

Disclamer

DroidFS is provided "as is", without any warranty of any kind. It shouldn't be considered as an absolute safe way to store files. DroidFS cannot protect you from screen recording apps, keyloggers, apk backdooring, compromised root accesses, memory dumps etc. Do not use this app with volumes containing sensitive data unless you know exactly what you are doing.

Permissions

DroidFS need some permissions to work properly. Here is why:

  • Read & write access to shared storage:

    Required for creating, opening and modifying volumes and for importing/exporting files to/from volumes.
  • Biometric/Fingerprint hardware:

    Required to encrypt/decrypt password hashes using a fingerprint protected key.
  • Camera:

    Needed to take photos directly from DroidFS to import them securely.

Unsafe features

DroidFS allows you to enable/disable unsafe features to fit your needs between security and comfort. It is strongly recommended to read the documentation of a feature before enabling it.

  • Allow screenshots:

    Disable the secure flag of DroidFS activities. This will allow you to take screenshots from the app, but will also allow other apps to record the screen while using DroidFS. Note: apps with root access don't care about this flag: they can take screenshots or record the screen of any app without any permissions.
  • Allow opening files with other applications *:

    Decrypt and open file using external apps. These apps could save and send the files thus opened.
  • Allow exporting files:

    Decrypt and write file to disk (external storage). Any app with storage permissions could access exported files.
  • Allow sharing files via the android share menu *:

    Decrypt and share file with other apps. These apps could save and send the files thus shared.
  • Keep volume open when the app goes in background:

    Don't close the volume when you leave the app but keep running it in the background. Anyone going back to the activity could have access to the volume.
  • Allow saving password hash using fingerprint:

    Generate an AES-256 GCM key in the Android Keystore (protected by fingerprint authentication), then use it to encrypt the volume password hash and store it to the DroidFS internal storage. This require Android v6.0+. If your device is not encrypted, extracting the encryption key with physical access may be possible.
* Features requiring temporary writing of the plain file to disk (DroidFS internal storage). This file could be read by apps with root access or by physical access if your device is not encrypted.

Download

You can download the latest version here.

Build

Most of the original gocryptfs code was used as is (written in Go) and compiled to native code. That's why you need Go and the Android Native Development Kit (NDK) to build DroidFS from source.

Install Requirements

Download Sources

$ git clone https://github.com/hardcore-sushi/DroidFS.git

Gocryptfs need openssl to work:

$ cd DroidFS/app/libgocryptfs
$ wget -qO - https://www.openssl.org/source/openssl-1.1.1h.tar.gz | tar -xvzf -

Build

First, we need to build libgocryptfs.
Retrieve your Android NDK installation path, usually someting like "/home/<user>/AndroidSDK/ndk/<NDK version>".

$ cd DroidFS/app/libgocryptfs
$ env ANDROID_NDK_HOME="<your ndk path>" OPENSSL_PATH="./openssl-1.1.1h" ./build.sh

Then, open the DroidFS project with Android Studio.
If a device (virtual or physical) is connected, just click on "Run".
If you want to generate a signed APK, you can follow this post.

Third party code

Thanks to these open source projects that DroidFS uses:

Modified code:

Libraries: