I created an encrypted sqlite database with SQLCipher export().
I'm worried about security and reverse engineering of the APK, so the decryption password is not in the app; it is entered by the user on app start.
The problem is: how can I read the encrypted database from the assets folder?
I've found libraries like SQLiteAssetHelper or ExternalSQLIteimporter but they can't import encrypted databases.
Any idea?
Related
Decompile this app or this. You can't see the database (words, synonyms or ...). I wrote a dictionary app and my words are in the SQLite database. After decompiling the app, a person can see the database (words or ...).
How do I hide the database? Like Oxford Dictionary and other dictionaries?
Do these apps use SQLite?
Did I convey my meaning clearly?
If you want offline data, you have to encrypt your database. Use a database that you can encrypt, such as SQLite. DB Browser for SQLite will help you encrypt your database.
https://sqlitebrowser.org/
Or if you want an online database, then you have to use a backend such as Firebase or Amazon AWS.
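A release check for the point above, as an added example that is not part of the original posts: it scans an APK (a zip archive) for entries that begin with the plaintext SQLite header, which is how an unencrypted database is recognised regardless of its file name. The sample APK, its entry names and the random stand-in for an encrypted file are constructed for illustration.

```python
import io
import os
import sqlite3
import tempfile
import zipfile

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of every plaintext SQLite file


def find_plaintext_sqlite(apk_bytes):
    """Return names of APK entries that start with the plaintext SQLite header."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir():
                continue
            with apk.open(info) as entry:  # inflates compressed entries on the fly
                if entry.read(len(SQLITE_MAGIC)) == SQLITE_MAGIC:
                    hits.append(info.filename)
    return sorted(hits)


def build_sample_apk():
    """Constructed sample: a small zip shaped like an APK, for demonstration only."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "words.db")
        con = sqlite3.connect(path)
        con.execute("CREATE TABLE words (word TEXT, synonym TEXT)")
        con.execute("INSERT INTO words VALUES ('big', 'large')")
        con.commit()
        con.close()
        with open(path, "rb") as fh:
            plain_db = fh.read()
    # Stand-in for an encrypted database (random bytes, not real SQLCipher output):
    # an SQLCipher file normally starts with a random salt, not the magic string.
    encrypted_like = os.urandom(4096)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as apk:
        apk.writestr("assets/words.db", plain_db)
        apk.writestr("assets/data.bin", plain_db)  # renaming does not hide it
        apk.writestr("assets/words_enc.db", encrypted_like)
        apk.writestr("classes.dex", b"dex\n035\x00")
    return buf.getvalue()


if __name__ == "__main__":
    for name in find_plaintext_sqlite(build_sample_apk()):
        print("plaintext SQLite database shipped in APK:", name)
```

A hit means the file opens in any SQLite viewer once extracted. No hit only shows that the header is not plaintext; it says nothing about how the key is stored.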
You have one option:
Store your words online (in Firebase, for example). At first launch you download all the words and store them in SQLite (or a Room database), and you are ready to go. By using a remote server, the download size of your APK also becomes smaller!
I wrote my SQLite database, then I imported it into my application.
I used this, and it works fine.
After that I realized that my database is unencrypted, so anyone with a rooted phone can access it.
So I suggested this way:
1- encrypt my database with a key, then
2- return it to my application, then
3- use the encryption key in my code to decrypt the database, then
4- I use ProGuard to encrypt my code (because my code has the encryption key).
Is this way correct?
If yes, how do I do it?
If no, what must I do?
I read about SQLCipher, but I think this technique encrypts the database from creation.
SQLCipher is Full Database Encryption for SQLite.
Here is an example.
Does Android encrypt the SQLite database owned by the application?
Reading the documentation and various forums, I could only gather that the database is protected by the application owning it and is not visible to other apps.
Can this mean that it is a very viable security hole? Why doesn't Android advise developers to encrypt SQLite databases?
Android does not encrypt sqlite databases (or any files created by the application, no matter their location). Files (including a database) created in internal storage are protected by uid, which means they cannot be easily read by other apps. However, if the device is rooted, they can be easily copied and/or read.
It's only insecure if you store data that shouldn't be stored there. Your options if you want a higher level of security are (a) to store encrypted data or (b) to use some other encrypted database service.
We have an Android application which uses an SQLite database. We will save many images to the file, and then the user can download the db file from the Android client and read the images from our app. We want to encrypt the file to prevent an attacker from getting the images directly.
At first, we tried to gzip and encrypt each image before inserting it into the db, and then decrypt them during reading. However, we are afraid that this may cause a performance problem.
Then I found this:
https://guardianproject.info/code/sqlcipher/
And it seems that SQLCipher uses a password to encrypt the file, so our app would have to read it with the password on the client side. Then, if someone decompiles our APK, he can still get our password (even if this password is retrieved from the server) through the source file.
Is this possible? Or am I missing anything?
I have created an SQLite database in Android.
Here I decided to use encryption. I know about SQLite, but I don't know how to implement an SQLite encryption method. The data that is saved in the database needs to be encrypted, and while retrieving data it should be decrypted.
You can use SQLCipher for Android for AES 256-bit encryption of .db files, which I suppose is easier than handling encryption and decryption for each database query.