One problem using FileObserver
is that you have a bit of a race condition between your app and anything else (e.g., malware) that is also observing the filesystem. If the malware gets in first, it can tinker with the image before you sign it.
An alternative flow is to use ACTION_IMAGE_CAPTURE
and a FileProvider
, directing the camera app to save the photo to ProofMode's internal storage. Many camera apps will support this, though some won't. Then, the photo initially is purely under your control (barring root-powered malware), and you can do whatever you want with the image and proof process safely. Then, when ready, you can copy the photo out to DCIM/ProofMode/
or something. As an added bonus, this will work even if the camera app is configured to save its images by default somewhere other than DCIM/
, missing your FileObserver
.
Attached is a sloppy proof of concept, based on one of my book examples. It uses ACTION_IMAGE_CAPTURE
to take a photo, directing the results to the app's internal storage. It then updates an EXIF header, copies the modified image out to DCIM/ChainOfCustody/
, indexes it, and brings it up in an image viewer activity. This code sucks (e.g., won't handle configuration changes well with the background thread), but it demonstrates the concept. Where I have the background thread, you would tie into your existing ProofMode flow.
ChainOfCustody.zip
This is just a thought -- obviously, this is your app, and you may have your reasons for not wanting to have this option.