如何永久清除SD卡上的数据
[英]How to wipe out data on SD card permanently
问题描述
I am developing an android app which allows users wiping data on SD card permanently. 
我正在开发一个Android应用程序,该应用程序允许用户永久擦除SD卡上的数据。 What is important is that the data removed CANNOT be recovered by CardRecover and the like software. 重要的是, CardRecover等类似软件无法恢复已删除的数据。
As far as I know, there are mainly two methods now. 据我所知,现在主要有两种方法。
- Using File.delete() method directly. 直接使用File.delete()方法。 See this thread . 看到这个线程 。
- Using IMountService and ServiceManager to format SD card. 使用IMountService和ServiceManager格式化SD卡。 See this thread . 看到这个线程 。
However, CardRecover is able to recover data under these two situation. 但是, CardRecover能够在这两种情况下恢复数据。
I know if the whole SD card is overwrite, the data cannot be recovered any more. 我知道如果整个SD卡都被覆盖,则数据将无法恢复。 I tried this method, but the performance is hardly acceptable. 我尝试了这种方法,但性能几乎无法接受。
So how can I achieve this goal? 那么我怎样才能实现这个目标呢?
I have two ideas as following now, but am not sure if they are proper. 我现在有两个想法,但是不确定它们是否正确。
- Encrypting all the files on SD card. 加密SD卡上的所有文件。
- Break all the files on SD card like what virus does. 像病毒一样破坏SD卡上的所有文件。
1 个解决方案
解决方案1
2 已采纳 2014-10-23 07:09:20
Deleting a file using File#delete() or reformatting the card is the equivalent of scribbling over the page number of a chapter in the index of a book, or tearing the index pages off. 使用File#delete()删除文件或格式化存储卡的格式等同于在书的索引中乱写一章的页码,或撕下索引页。 You can no longer find what you need easily , but the actual content (ie the data) is still there. 您不再能轻松找到所需的内容,但实际的内容(即数据)仍然存在。
In order to remove the data itself you need to overwrite it byte-by-byte. 为了删除数据本身,您需要逐字节覆盖它。 It may no longer be necessary to use multiple passes ala shred , but you still need at least one pass, hence the low performance. 不再需要使用多次遍历ala shred ,但是您仍然需要至少一次遍历,因此性能低下。
Keep in mind that if an SD Card is using any form of wear leveling , then overwriting the data does not actually guarantee its removal from the physical medium - a determined (and well-equiped) attacker might still be able to recover some data. 请记住,如果SD卡正在使用任何形式的损耗均衡 ,则覆盖数据实际上并不能保证将其从物理介质中删除-坚定的(且装备精良的)攻击者可能仍然可以恢复一些数据。 The use of journaling filesystems (rather improbable on an SD card used with Android, but still...) may also cause similar issues. 使用日志文件系统(在Android上使用的SD卡上不太可能,但是仍然...)也可能导致类似的问题。
Encryption is not really a solution, unless it is transparently performed by the OS or the application that creates the files. 加密并不是真正的解决方案,除非由操作系统或创建文件的应用程序透明地执行。 Encrypting a file after the fact would still require that the same amount of data is written and, unless it is performed in-place, would also leave you with the problem of securely deleting the original file. 事后加密文件仍然需要写入相同数量的数据,并且除非进行就地执行,否则还存在安全删除原始文件的问题。 In addition, your applications would be unable to access the file until it is decrypted. 此外,您的应用程序将无法访问该文件,除非将其解密。
As for "breaking" the files, the effectiveness of the technique depends heavily on the specifics of the files in question. 至于“破坏”文件,该技术的有效性在很大程度上取决于所讨论文件的细节。 Video files, for example, can often be viewed on a decent player (eg VLC) even if significant parts of the file are corrupt. 例如,即使文件的重要部分已损坏,通常也可以在像样的播放器(例如VLC)上观看视频文件。 There is no generic technique that can render a file useless without overwriting it completely, especially against an attacker with specialized forensic tools. 没有通用技术可以使文件无用而无需完全覆盖它,特别是针对具有专门取证工具的攻击者。 Destroying the files by eg overwriting just their headers only offers a false sense of security. 通过例如仅覆盖文件头来销毁文件只会带来错误的安全感。
If I were you, I'd stick with what works and just keep overwriting the whole file... 如果我是你,我会坚持可行的做法,然后继续覆盖整个文件...
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.