This is from a tutorial on apps2sd:
where are the apps stored when i use apps2sd?
4o66 wrote: Short answer: Each app stored in /mnt/asec/[appname] is actually stored in an individual encrypted virtual device file
Long answer: (you knew it was coming...)
From a terminal program (or adb, I normally just hop into ConnectBot), if you run "mount", you will see a few lines like so:
/dev/block/dm-[number] /mnt/asec/[app name] vfat ro,dirsync,nosuid,nodev,noexec,relatime,uid=.....
The main thing to pay attention to here is the first two blocks of text.
The first is WHAT is mounted, the second is WHERE it is mounted TO.
In this case, the device known as /dev/block/dm-[number] is referring to a DM (Device Mapper). In linux, this is normally used for either RAID devices or encrypted volumes.
So what is happening is this: To stop the average user from copying and app to sd, then giving it to a friend, they place it in a virtual hard drive, which is encrypted and stored as a file, in a linux partition on the sd card.
Picture like this:
[SD CARD]
[FAT32]
Files you see on the card
[END FAT32]
[EXT4 Linux]
apps2sd files
virtual hard drive file
[DM device (encrypted)]
apk files
[END DM]
[END EXT4]
[END SD CARD]
Now, if you are rooted, this doesn't really stop you. But most users will never know, or care, about rooting their device. They won't even see the EXT partition on their computer if they were to take the sd card out and plug it right in (Windows can't read EXT partitions without some special software). If the user has linux, they will see the files, but the crypto keys are stored in phone protected memory, accessible only to root.
This keeps casual copying from occurring.
Remember this, a lock only keeps and honest man honest.
If I have physical possession of your device, no matter what security you put on it, I will eventually be able to get what I want out of it.