I have a SQLite DB that I include with the APK. DB is under Assets folder and is copied over to a folder on internal storage.
Everything works fine, however I have security concerns regarding the DB.
More specifically someone copying and opening my DB file.
How would one go about securing the DB file?
You could encrypt the database if you wanted to, but then you would need to include a key in your program to decrypt it. Here is one easy to use product SQLCipher.
At the end of the day, the best you can do is make it harder for the DB to copied off the phone and read.
Related
I know about copying the database file solutoin,
How do I backup a database file to the SD card on Android?
Android backup/restore: how to backup an internal database?
Android backup/restore: how to backup an internal database?
in fact I was backing up my databases using this method, and up until a little while ago it was working perfectly.
until some multi-thread stuff made me use of enableWriteAheadLogging
now I have two more files near the database file with .db-wal and .db-shm extensions.
copying just the datbase file .db is not working as most of the times the file does not contain the latest database commits (which are available throw app itself) however when I copy three files together it seems to work fine (not quit sure, albeit)
as Sqlite people recommend, the best practice for backing up a sqlite database is to use backup api but can someone guid me on how I can use this api from inside an application, or even use sqlite .dump (How do I dump the data of some SQLite3 tables?) method from inside an app ?
So Which one is the best practice to back up a sqlite database from an android app?
1- Copy all the database-related files from the sandbox
2- Use sqlite Backup Api
3- Use sqlite .dump
4- any other method
The SQLite backup API is the only mechanism that works correctly with concurrent write accesses from other threads/processes. Which of course means that the Android database framework does not give you access to it.
If you are sure that there are not any active connections, you can just copy all files. (Leaving out journal or WAL files would lead to data corruption.) In the case of WAL, the -shm file
does not contain any permanent data and could be omitted.
The VACUUM INTO command introduced in SQLite version 3.27.0 (2019-02-07) can serve as an alternative to the backup API.
I searched a lot. but they not worked for me.
I have an encrypted database in asset folder. How can I decrypt in for copy to data folder?
I know how can copy db from asset to data in normal situation. But now I have encrypted database in asset folder.
I'm not familiar with dbconvert.com but as far as I can tell the site you used has nothing to do encryption/decryption. It appears to convert from one format to another... so assuming you converted any format to SQLite (which is what Android uses) then you should just be able to copy the database from your assets folder when the app is first run and from then on use it just like any other SQLite database. There are plenty of examples/code for this on the Internet and also Stack Overflow, for example: How to use an existing database with an Android application
In my iOS app I have a large (270MB), pre-populated, read-only sqlite database. I keep the data in the app bundle and query it with no problems. I do not copy the database to the user's documents folder, because it would be pointless in this situation to take up more space with a duplicate database. I have a separate much smaller database I copy to the user's documents folder to store the user's preferences. The app works just fine.
Now I'm trying to port my app to Android using Android Studio, but it does not seem possible to access the database from the assets folder. I have found plenty of documentation on database helper classes for Android, which I have tried, but the approach always seems to be to copy the database from the assets folder to the user's data folder. This would be a waste of space and also in my experience the app is unable to copy the database without crashing (maybe because of the size? I had no problems copying a smaller test database).
Is there a way to access the database without copying it to the user's data folder? If not can anyone think of another way of approaching this?
No, You can not directly write into the files of ASSETS folder in your application as the resources folders are read-only.
So You have to compulsory copy your database first from your assets folder to your sdcard and then only you will be able to read & write into it.
As GrIsHu said, you can only read database from asset folder. If you need to do more operation like create, update, delete you can do a tricks. Copy the database from assets folder to storage and then you can do anything you want.
Here is a quick example of Working with Android Pre Built Database.
There is a easy to use library too for accessing database from assets folder. You can check [Android SQLiteAssetHelper] here.2 Good luck!
I've found a lot of solutions to about how its possible to copy a database from assets to /data/data/tld.c.u/databases/ - But is it absolutely impossible to just open the database in readonly and query its content?
I have a rather large database i'm distributing with the app and its kind of a waste if the database must be copied out of the assets folder.
But is it absolutely impossible to just open the database in readonly and query its content?
Yes.
I have a rather large database i'm distributing with the app and its kind of a waste if the database must be copied out of the assets folder.
Consider not distributing it with the app, but rather downloading it on first run, or using Google Play's new APK expansion files facility.
I'm writing my first serious Android App, which basically is interface to three DB tables.
Data in those tables are predefined by me, so, user should install those app with those data.
What is the best way to include those data in application package? Maybe there is a way to embed SQLite into my application distribution?
Or is the only way is to define array of "insert into" strings somewhere in class and execute them to fill internal SQLite storage?
Would appreciate any recommendations.
I am currently doing the same thing in my app. Having a sqlite database file in my assets folder and copying it into the SD card at startup if it's not in there. There's a nice tutorial there and I use part of its code.
Put the database file in your assets and then copy it over to your application's data directory.
Your can check out this tutorial