---
title: "Android DataSealing"
description: "Learn how to apply DataSealing with DoveRunner Mobile App Security to securely encrypt and store binary file data for Android Native C/C++ applications."
---
> For the complete documentation index, see [llms.txt](/llms.txt).

import { Aside } from '@astrojs/starlight/components';

<Aside type="caution" title="Not available in v3.x">
DataSealing is supported in DoveRunner Mobile App Security **up to version 2.x only**. This feature has been removed in version 3.x and will return in a future update.
</Aside>

## DataSealing Requirements

- Supported from DoveRunner Mobile App Security version 2.23.0.0.
- DataSealing is currently supported only for **Android Native C/C++ (NDK)**. It is not available by default in other frameworks (e.g., Java/Kotlin, Unity, Flutter). If you are using a plug-in that can work with Native C/C++ in these frameworks, you can apply DataSealing by following this guide.
- Support for additional frameworks is planned for a future update.

## How to Apply DataSealing

DataSealing securely encrypts and stores binary file data without additional coding, and allows you to directly read and use the encrypted data.

DataSealing supports native File I/O functions and native AssetManager-related functions. Java File I/O and Java AssetManager support is planned for a future version.

No SDK or library download is required — follow the rules below and apply DataSealing using your existing coding approach.

### Asset File Encryption

To encrypt asset files included in your APK, follow one rule: create a folder named **`ASDP`** under the `assets` folder and move all asset files you want to encrypt into it. Files inside `ASDP` are automatically encrypted during sealing and automatically decrypted when accessed via AssetManager-related native functions.

![DataSealing assets folder structure](https://appsealing-docs.s3.ap-northeast-1.amazonaws.com/common/guide/adc_console/android_data_sealimg_1.png)

In the example above, `my_asset1.bin` and `my_asset2.dat` (placed in the `ASDP` folder) are encrypted during sealing, while `my_asset3.bin` and `my_asset4.dat` (placed directly under `assets`) are not.

Encrypted asset files are automatically decrypted by DoveRunner Mobile App Security when the following AssetManager native functions are used in JNI code:

```
AAssetManager_open
AAsset_getBuffer
AAsset_getLength
AAsset_getLength64
AAsset_getRemainingLength
AAsset_getRemainingLength64
AAsset_read
AAsset_seek
AAsset_seek64
AAsset_close
```

Example — reading an encrypted `my_asset1.bin` file (null/error checks omitted):

```cpp
AAssetManager* am = AAssetManager_fromJava( env, AssetManager );
AAsset* asset = AAssetManager_open( am, "ASDP/my_asset1.bin", AASSET_MODE_UNKNOWN );
int fileSize = AAsset_getLength( asset );
unsigned char* buffer = ( unsigned char* )AAsset_getBuffer( asset );
memcpy( data_buffer, ( const void* )buffer, fileSize );
AAsset_close( asset );
```

The code is identical to standard asset reading. Decryption happens transparently inside `AAsset_getBuffer` before `memcpy` is executed.

### General Binary File Encryption

Encryption can also be applied to binary files generated dynamically at runtime. Add the prefix **`ASDP_`** to the filename and encryption/decryption is applied automatically during write/read operations.

**Important:** This only works for binary files. The `"b"` character must be included in the `fopen` mode parameter. Files opened without `"b"` in the mode will not be automatically encrypted or decrypted.

Supported file I/O functions:

```
fopen
fseek
ftell
fread
fwrite
fclose
```

Example — writing an encrypted file (null/error checks omitted):

```cpp
FILE* fp = fopen( "/files/ASDP_my_secure_data.bin", "wb" );
int len = fwrite( secure_data, 1, 4096, fp );
fclose( fp );
```

Example — reading back the encrypted file from offset 1024:

```cpp
FILE* fp = fopen( "/files/ASDP_my_secure_data.bin", "rb" );
char buffer[4096] = { 0x00, };
fseek( fp, 1024, SEEK_SET );
int len = fread( buffer, 1, 2048, fp );
fclose( fp );
```

Data read into the buffer is automatically decrypted.

![DataSealing summary](https://appsealing-docs.s3.ap-northeast-1.amazonaws.com/common/guide/adc_console/android_data_sealing_2.png)

## Activating DataSealing in Developer Console

When DataSealing is applied with the Native API enabled, a confirmation dialog appears before sealing starts. Accepting the prompt activates DataSealing on the app and sealing restarts automatically.

## Pricing

To check the pricing model for DataSealing, visit the [DoveRunner pricing page](https://doverunner.com/pricing-simulator/).