This question requires no back story, but to illustrate the specific importance of what I am asking, I'm adding it. The question is this: When an android device accesses an SD card, are the contents mirrored onto the internal memory in any way? I know it can show multiple mount points for the card, and that is in the root file system, I just don't understand if it actually goes internal.
A friend and I have made an app for sending secure messages. Being totally paranoid of technology, we decided that the app that encodes and decodes will be on a separate device that is completely offline (like an old phone, no sim, airplane mode on, and if need be, the modem/radio firmware corrupted and hardware damaged). Anyhow, for the sake of discussion, the device doing the work is completely offline. Once a message is encoded, the offline phone generates a QR code and a picture of that can be taken with an online device and sent via sms or whatever. Likewise, upon receiving an encoded QR code or text, the offline phone has the option to open the camera and grab that QR code and insert it into the program or manually type it in.
The program that encodes and decodes is nothing special, it just does a transposition on the text like a Viginere table. The security comes from the fact that the program uses a pre-shared, one-time pad as the key. Total randomness, no parts are repeated, no logic, real random (how we get to random is not the concern here, not trying to talk about sudo-random or nothing of that nature. That part is handled). Knowing how drives typically "delete" by simply marking that data as re-writable, we wanted a way to ensure the program would rewrite all zeros over the used portions of the one-time pad, as it is on the drive, every time it uses it. To do this, we decided to partition the cards such that the enormous random one-time pad key files barely fit on the partition and filled the unused portion with useless data to ensure there was no space for the new, partially zero'd out key to be written leaving remnants of the original un-zero'd key elsewhere on the SD card like deleting with windows does.
This is why I am curious about how android mounts SD cards and if traces of its contents will be on the internal memory in any way. I know nothing about android. I initially wrote it in excel and used blowing in a microphone as the key generator (yes, excel lol), years went by and I made it in C# using visual studio and went to using diode shot noise for random. Now, my friend is handling the android and QR stuff using unity and I have no clue if he is leaving room for trace evidence as I have no clue how SD cards are handled in android. I just want to know we are not missing something with our partition and zero extra space tactic.