What is the best practice for saving Android app data (like users' data - every user has SQL database with data of all the other users) on the phone in SQL database?
This is a public app (has been published on the Play Store) and I need to decide how to encrypt the data and where to save it on the phone in that way no one will be able to reach it (not the users, nor other apps)
first of all, you should not store the data of every user of your app on every users phone. It will be difficult to maintain data consistency and more.
Secondly, take a look at the security section of the android development guide. The "best way" depends on your exact use case.
Cryptography is a difficult and important topic. DO NOT just look for answers like "Do it with XY" and implement it without understanding the theory.
Maybe not the short, easy answer you were looking for, sorry.^^
Related
I’m planning on allowing my users to sync their data with the cloud so that if they get a new phone or switch phones (ex. iPhone to Android and vice versa) they will be able to reload their data into their phone. Currently all their data is stored on their phones. I plan on encrypting their data in the database so it isn’t easily readable. However I have been reached out to by universities that could find user data useful (I would of course make the data so that they wouldn’t be traced back to the user, and ask for their consent). I’m wondering if there is a secure way to encrypt user data but also make it so that if I need to decrypt it for research purposes in the future I would be able to do this. Are there any best practices to do this?
I would argue that the obvious solution would also be the ideal solution. You have two tasks that could fairly easily be solved separately, so solve them separately. To do exactly what you are asking for, would require experimental cryptography.
Use state-of-the-art password based encryption for the identified user data that the users store for themselves.
Collect the research data separately, with explicit permission from the user. Generate individual random identifiers for each user, send those identifiers to each phone respectively, and compile the research data on the user phone, and submit it from the user phone to a different data store on your servers.
So i've recently discovered Flutter as a great way to develop apps for IOS/Android at the same time and i've come up with a project i'd like to realize. It's nothing new, i just want to build an app that helps you keep track of all the money you have / don't have (in my case). I know that this is not something new and there are some really good apps for this but i want some special features none of these apps has (+ it's a project not that difficult and i can get a ton of coding experience).
I am looking for the best / a very good way to store user data. Each user should be able to store all past transactions and how much money they still have left. From what i've read SharedPreferences aren't the way to go as they aren't good at "storing a lot of data" so it's reccomended to go with an actual database.
As i am someone that very frequently resets his phone (rooting and stuff is really fun) i'd love to have the option to backup the database in the cloud as well. If my research is correct i can do this two ways:
I can either have a local database stored on the device and create an option in the app to export the db to e.g Google Drive / Dropbox and import the db from there or i could go with a firebase from google. I'd prefer the second option as then i could implement it in a way that the user doesn't ever need to press "backup data" but the data will always get synced with the firebase and be available offline.
I've found tons of ways and tutorials on how to do this on android, yet i could not find anything for flutter. And i don't really know how to secure a firebase (and i don't really want to know either, i'm not that much into databases).
What are your suggestions? Should i
Go with a local database or
Try setting up a firebase
Thank you guys!
Firebase seems like a great option. Note you only have 1GB of free real time database storage.
In terms of integrating Firebase with Flutter you should start reading here and here
SharedPreferences are mostly used for storing only important information like userId tokens, session timeouts etc etc.
In my opinion go with firebase, so that you can keep record of probably every single transaction.
You can even go with local storage but as the data grows it would be good to keep it syncronized across cloud.
Is there a way for a mobile messaging app to hold messages sent and messages received on the app without a 3rd party (e.g. AWS) having to continually store these messages? My purpose is to bring down my costs. I would still pay for data ingestion and data egression, but I'm hoping to not have to hold the costs of storage, but rather that users can store their important messages on their own phones, and delete them when they're ready. I'm imagining this is how the iPhone's Messages app works. In my mind, this is like creating a photos app, combined with a messages app, etc.
Any verification that this is possible or tips/links for such a practice would be very appreciated!
Yes, this is possible. A server located in the cloud can simply transfer data between two simultaneously connected clients, without ever needing to store that data to disk.
A portion of the data will have to be exist in memory of some form (e.g., RAM), at least momentarily. Taken to the extreme, this space requirement could be reduced to a single byte.
Storage is not particularly expensive, even for this use case. Nevertheless, if your architecture doesn't require any storage, then there's no reason to buy any.
I do not have any good links for you. I don't even know if this concept has a name. But you should understand that this is a very basic concept of computer communication/buffering.
If you've noticed that messaging services tend to like to keep your data in the cloud, well, (forgive my cynicism, but) that's probably just so they can mine it at their convenience.
I am implementing an Android application but I can't make a final decision about which database will be the most suitable. You can think of my app as Instagram but there will not be photos or videos, there will be texts instead. There will only be images for profile pictures.
Users may insert data to database and make advanced search inside the app. So the database must be somewhere where anyone using the app can communicate. What is the best choice?
Not everything you read on the internet is always true. There are MANY services out there for you to use. Parse-Server, Firebase, AWS, MySQL, PHP...etc etc etc.
I, for one, am using Parse-Server. Why? It's simple. I make my own calls for statistics that will get stored in mongo. If I was to do it over again, I would use Firebase for it instead. Why? Google is king.
Now, Parse-Server and Firebase for example claim they are secure, and I haven't done much testing to see if I was able to crack into it. Perhaps someone can comment on this. Parse-Server is stored locally on my Mac, and as long as your keys stay secured, the app is secured. The db (which is stored on mongo) is secured. You can store images, text, users, and just about ANYTHING on mongo which again, is similar to Firebase.
If you want to best for production, I don't think you need to worry about Firebase, Parse-Server, AWS, etc, you need to worry about security. If it's hard to crack then that service might be the way to go.
Sure, maybe storing images separate from the text would be good, but again, if Parse-Server is secured, then I'm happy to use it for my needs.
edit: typo(s)
Is it possible that I store my SQLite table over a dropbox account and have all my users sync their tables with the stored table? Also be able to make changes to that table?
Your approach could work in theory, but there are so many issues involved, that you're better off not doing it. If you wish to store and make data available across all devices belonging to a user, I strongly recommend looking into Datastore API by Dropbox. The API will take care of storing data locally as well as synchronize it over connected Dropbox accounts.
If you want a bit modular approach, you can use Windows Azure Mobile Services. These give you REST APIs to store your data in cloud. However, synchronization has to be handled by the developer - you. I have written a small library to do that here: http://bit.ly/ProjectMirror It's for Windows Phone, but Android version is already in a sister repo there. You could extend it. Let us know how that goes.
In addition to these services, Parse SDK is a good option. It requires you to pay after a while, though. In addition to what you want to do, it also provides other things like user management and so on. But, be aware that some of those operations may require you a live Internet connection.
So, in essence, if you want seamless data storage and sync, use Datastore. Be aware that you'll have no control over the server side. Also, your data will be restricted to the Dropbox ecosystem forever. If you plan on further expanding your app to other platforms, go with Azure and handle the sync. If you want lots of features, go with the Parse.
I would suggest looking into Google Play Game Services using the Cloud Save feature. Even if you are not building a game this feature lets you sync sqlite data in the cloud and Google will handle most of the work for you.
OR you could use a cloud based database which supports both push and pull. That means:
Scenario 1:
Your users change something on their phones. Changes are uploaded to the database. The database then pushes these changes to all other users.
Scenario 2:
Your users change something and upload this to the database. But instead of the cloud based server pushing the changes to all users, the users phones can ask the database for new data at intervals.
All this is very easy to set up. It took me about five, ten minutes. Just follow this easy tutorial:
https://parse.com/docs/android_guide
and for push:
https://parse.com/tutorials/android-push-notifications
We now use this for our company app, storing statistics for example.
Bear in mind that syncing can become complex. Try to keep it very simple, especially if you are new at programming.