
Enlighten us then on how you would solve the issue. You have a program, and the program is storing data and the "attacker" (here really the user himself) wants to bypass the policies enforced by the application. The attacker has access to both the binary of the app and the data.

What would you encrypt the data with that the user himself cannot also access? Without a secure encryption hardware module, there's little you can do except add additional layers of obscurity.

You could encrypt all the data with a key derived off the user's password, and require the user to re-enter the key if the app stops. That too could be broken.

You could store the images in some odd obfuscated format that only the app can understand. That too could be broken after some time.

You could never store any images on disk at all and fetch them only when requested. Then you have the third-party services imitating the app.



I'm not sure as no system is 100% secure. It's only a matter of how high you want to set the bar, but this bar is very low imho.



