The Story
I have an Android application which heavily relies on the Firebase Realtime Database. So far I do not have any problem using it.
But I need to store some highly sensitive data of the users in the database and I would not like to do that in plain text.
So, I have encrypted the data before storing them into the database. I can see the encrypted string in the Firebase Console.
The Problem
I need to check and verify how the data is internally represented by Firebase Database in my local device as I am storing the key for encryption in the database as well.
I have setPersistenceEnabled() for my database and thus Firebase stores these data locally in the users device. It is nowhere mentioned how Firebase does this internally. Does it store it as a JSON file or a SQLite database (most probable).
My Attempt
To dig deeper into the problem, I tried to pull the databases from my app.
I used,
"adb -d shell "run-as com.yourpackge.name ls /data/data/com.yourpackge.name/databases/"
in my terminal to get a list of all database names for my app, and this is what I got,
app-debug-xxxx.firebaseio.com_default
app-debug-xxxx.firebaseio.com_default-journal
crash_reports
crash_reports-journal
So, these are my databases right? Are they regular SQLite databases? I was unable to read data from these files using the assumption that they are SQLite databases.
I personally think it is very important for us to know how the data is internally represented in Android so that we can make better decisions to store our data.
Any help will be highly appreciated?
After inspecting the file you mentioned, yes it's indeed a SQLite database file (app.firebaseio.com_default).
The data is saved in serverCache table and it contains 2 columns: path (TEXT) and value (BLOB). path is the path to the data in firebase database, something like /users/-KOasdbcde and the value is the JSON value of that path.
EDIT
Here's the structure of that table
Related
Decompile this app or this. You can't see the database(words, Synonym or ...). I wrote a dictionary app and my words are in the SQLite database. After decompiling the app, the person can see the database (words or ...).
How do I hide the database? Like Oxford Dictionary and other dictionaries?
Do these apps use SQLite?
Did I convey my mean clearly?
If you want offline data, you have to encrypt your database. Use a database that you can encrypt, such as Sqlite. DB Browser for Sqlite will help you encrypt your database.
https://sqlitebrowser.org/
Or if you want an online database, then you have to use a backend such as Firebase or Amazon AWS.
You have one option:
Store your words online (in Firebase for example) at first launch you download all the words and store it on SQLite (or Room database) and you are ready to go. By using remote server the download size of your apk also become smaller!
i create my first Android app that use local SQLite database for showing contents.
As you know any user can dump database from phone and see its structure and data.
Does exist any way to prevent database dump from Android phones?
I avoid that anynone can have a look at database data (and then copy it) using any SQLite explorer.
Thank you.
Using password in the connection string
Data Source=filename;Version=3;Password=myPassword;
Source: http://www.connectionstrings.com/sqlite
or encrypting (Search here for SO answers)
I have a problem with my application. I need the data from my MySQL-Database on the server. Usally I'm using HTTP-Posts, but this time I'm have to get a lot of db-Entrys. So I thought, that i'm just copying the database to the device. But here is the next problem: The Database on the device has the same structure like the db on the server, and additional 2 extra tables, to save some local data.
Finally my question is, how to get a lot of data from my database?
One extra question: is it possible/effective to use 2 local databases? So i could use 1 for local data and the other one for the server data. Then it would be possible to copy the db, but i need also an mysql-query, because i don't want to copy the whole data.
Yes, is possible to have 2 local db, and the best way to download an entire db from server is to dump the mysql db on server to a sqlite db, and so you may download the sqlite db from your mobile app.
Well choosing a database is depends on your project requirement. If your data is getting updated frequently on server and you want the display the updated data to the user. Do not copy database in mobile. Instead of it use webservices to get data from remote server.
And Yea, you can create two database in Android, nothing wrong in it. But again I would suggest that for only two tables do not create separate database.That can be merged in single database.
Summary
Frequently Updates in Data : Use MySql + Webservice
Static Data : Go for local db
I want to only read data from the SQLite database. When I am creating database and reading it it is working but I have already a database created and I want to read data from this database.
I am pushing the database to the sdcard and trying to run the application but it is not reading form the database. I want to know that if install this .apk file in device then my database will also shift to the device or not.
Common practice is to store initial data on assets/raw folders of application resources. Then during 1st run just create DB using SQL scripts like:
create table if not exist
Fill DB with initial data - and here you're.
I use a sqlite database in my project. The stored data in it must not be available for the user to edit. As I've read here I saw that if you have root access you can alter sqlite database. The only solution would be to encrypt database content, but this would be time consuming for device. Any solution to prevent access to database ?
I think you'd have to use some computationally cheap encryption for that. Afaik, there's no way to prevent a power user to access the contents of your db.
Or store the sensitive data on some protected remote server, not locally.