如何安全地從相機加載圖像並在 Android 上以全尺寸顯示？

Question

為了安全起見，建議我避免使用 getExternalFilesDir(Environment.DIRECTORY_PICTURES) 來存儲文件並使用 File.createTempFile 創建不安全的臨時文件。

我們如何以安全的方式重寫它？

clTakeBottomSheetCamera.setOnClickListener(v -> {
    Intent intent = new Intent(MediaStore.ACTION_IMAGE_CAPTURE);

    if (intent.resolveActivity(getPackageManager()) != null) {
        try {
            profilePhotoFile = createPhotoFile(tag); // FIXME <--

            Uri photoURI = FileProvider.getUriForFile(context, "com.test.test" + ".provider", profilePhotoFile);
            intent.putExtra(MediaStore.EXTRA_OUTPUT, photoURI);

            startActivityForResult(intent, REQUEST_CODE_CAPTURE_PASSPORT_IMAGE);
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
});

 private File createPhotoFile(String tag) throws IOException {
        String timeStamp = new SimpleDateFormat("yyyyMMdd_HHmmss", Locale.getDefault()).format(new Date());
        String imageFileName = custPhoneNumber + "_" + timeStamp + "_";
        File storageDir = getExternalFilesDir(Environment.DIRECTORY_PICTURES); // FIXME: Insecure data storage
        File imgFile = File.createTempFile(imageFileName, ".jpg", storageDir); // FIXME: Insecure temporary file creation

        profilePhotoPath = imgFile.getAbsolutePath();
        return imgFile;
    }

@Override
protected void onActivityResult(int requestCode, int resultCode, Intent data) {
    if (requestCode == REQUEST_CODE_CAPTURE_PASSPORT_IMAGE && resultCode == RESULT_OK) {
        // Display the captured image in an ImageView with Glide
        Glide.with(activity).load(profilePhotoPath).into(ivCustomerPhotoActivation);
    }
}

Answer 1

File storageDir = getExternalFilesDir(Environment.DIRECTORY_PICTURES); // FIXME: Insecure data storage

而不是getExternalFilesDir() ，使用getFilesDir()或getCacheDir() ，並調整您的FileProvider元數據以匹配。

File imgFile = File.createTempFile(imageFileName, ".jpg", storageDir); // FIXME: Insecure temporary file creation

如果您解決了較早的問題，則不應再將其視為不安全的。