I have a sqlite database in asset folder of my android project. I made it with sqlite database browser and use it in my project. It contains some table with 4 columns. This is working great in my apk file. But problem is if someone want he can easily break my apk file and get my real database also. Now my question is how can I protect my database? Is there any way to set password or encrypt my database.
I searched this type of problem in stackoverflow.com and found some way. But I think those ways are for, when I creating database with code. If I create database or put data with my program I would make my own encryption method also (like shuffling characters). But, again I am saying, my database is pre made and I want to protect this?
In this situation can you help me please? Sorry for bad English.
You can protect your database with help of following libraries. And make sure you use Pro-Guard to protect your code which has encryption keys.
SQL Cipher for Android but its paid library.
SQLite Encript
Android Database SQLCipher
Edit
You should check this blog and OI Safe also .. :)
You can integrate Proguard in your android app. Here is official documentation for this Proguard It will save your apk file from attack.
You can also encrypt your data in SQLite. You can apply AES Encryption to data beforing storing it to database and decrypt data in your code files before accessing it. Yo can also use SQL Cipher to protect your database
Check this Link it will help you
Related
I've been searching a way to implement SQLCipher on my prepopulated database containing more than a million entries. Last three months is the time I've fully devoted to my project's database and it's now complete which led me to a problem.
My app's database is something that I know will be copied in a week or so and copying database is so easy (just open the apk with WinRAR). And in India, No one cares about copyrights so that'll be of no use.
Basically I want to protect my app's database from copying keeping in mind that app should work offline (that being said no PHP/SQL servers).
I've checked GitHub/Google for it and only thing I've found is SQLCipher by Zetetic. Very same thing on GitHub - Here.
Also, One can import following library now: net.zetetic:android-database-sqlcipher:3.5.2#aar and can use this for securing database but it's something works on databases created by app and not on prepopulated. (lib taken from this answer on SO).
-> Now, for me the million dollar question is Is there anyway by which I can either password protect or encrypt my database without putting the database on any server?
P.S. -> I want to make my app work offline and also, I'm just a student and at least for now, can't afford Zetetic's paid service.
Edit - I've gone through codes of some google apps storing databases for some help but they are just using .out files (easily openable with Word/Text editor) compressed in .gz files which is not something I should use.
implement SQLCipher on my prepopulated database
This is pointless. Anyone who wants to can grab the encrypted database, grab the encryption key out of your app, and decrypt the database.
I want to protect my app's database from copying
Don't put it on the device.
keeping in mind that app should work offline
Depending on the nature of your app, you might be able to cache bits of data for offline use, for reduced functionality while offline.
A simpler solution is to not worry about the fact that the database may be copied. To paraphrase Tim O'Reilly, your problem is not security but obscurity.
I have encrypted an SQLDB with SQLCipher...... in the terminal works without problem....
I am trying to open it in eclipse in an ANDROID enviroment, but without success....
I have tried all the possible examples findable on the internet without success.....
I put the database file in assets directory, is it right?
Sometimes the LogCat gives me db encrypted or is not a db and sometimes there is not such table (that I have tried to query)....
Can anyone help me?
I just would like to have an easy example, how to read and open a SQLCipher encrypted DB.
Thx
I have tried all the possible examples findable on the internet without success.
I am not aware of any examples of what you are trying to achieve.
I put the database file in assets directory, is it right?
That depends on what you are trying to do and the code that you are do it with.
My guess is that you are trying to package an encrypted database with your app, to use with SQLCipher for Android. This is useless, as anyone with the talent to get at the database will have the talent to either find your decryption key or find somebody else who can find your decryption key.
That being said, the best solution for doing this would be to port SQLiteAssetHelper to use SQLCipher for Android's classes rather than the standard SQLite classes. If you do this port yourself, you would package your database according to the SQLiteAssetHelper instructions, as a ZIP file in assets/.
I used SQLCipher in Android, but what I do is copy it to phone memory the first time and then use it as a normal SQLite database.
Is it a requirement that DB is located in assets folder?
I am creating an app with a prebundle database, i am using this tutorial to achieve the same,
http://www.reigndesign.com/blog/using-your-own-sqlite-database-in-android-applications/
Now how should i secure this prebundle db using SQLcipher? As in sqlcipher tutorials it assumes that you are creating a new database instead of using an exsisting one.
My aim is to prevent anyone seeing the content of my prebundle db.
This question has some techniques but it is not working for the guy
using sqlcipher to encrypt already existing database and opening it on android
Thanks
Pranay
My aim is to prevent anyone seeing the content of my prebundle db.
Then do not bother. Anyone can grab your encryption key out of your APK and decrypt the database. SQLCipher is to help the user defend the user's data against attackers.
If you do not want the user to have access to the data, do not put the data on their device.
Team,
I have an Android application with large SQLite database this data costs me lots of money and I don't want to let anybody have it easily.
This database come to me as databse.sqlite file and I shipped into into the APK assets.
is there anyway to encrypt this database before shipping and then decrypt while reading the data ?
P.S I searched for this a lot and all of my results point me to use sqlcipher but this lib does not work with shipped SQLite database file.
The problem is that you will need to store the key (or location of the key) somewhere in your code and deodexing the application doesn't take that much effort. Unfortunately, you can't really prevent anyone from accessing the data. You can only make it harder, but it will still be pretty easy for someon who is really determined.
The best solution would be to store the database on a server and only send the data the user actually needs to the device. That way you have at least some control over what data a device requests.
I'm creating a 2d game for Android and i'm using sqlite database for storing game data.Rooted users can change database easily.So i have to encrypt the data and when someone change it i have to understand this.How can i do this?
Take a look to the SQLCipher project. It is an open source library that provides transparent, secure 256-bit AES encryption of SQLite database files.
The web site offers a tutorial for Android.
SQLCipher + user's password could be the right implementation. We need user's password to encrypt the db rather than using the hard-coded strings.