I am creating an app with a prebundle database, i am using this tutorial to achieve the same,
http://www.reigndesign.com/blog/using-your-own-sqlite-database-in-android-applications/
Now how should i secure this prebundle db using SQLcipher? As in sqlcipher tutorials it assumes that you are creating a new database instead of using an exsisting one.
My aim is to prevent anyone seeing the content of my prebundle db.
This question has some techniques but it is not working for the guy
using sqlcipher to encrypt already existing database and opening it on android
Thanks
Pranay
My aim is to prevent anyone seeing the content of my prebundle db.
Then do not bother. Anyone can grab your encryption key out of your APK and decrypt the database. SQLCipher is to help the user defend the user's data against attackers.
If you do not want the user to have access to the data, do not put the data on their device.
Related
I ship a database with my app, and I would like to protect the data model from others peeking inside. Basically I dont want anyone opening the db file besides the app itself.
My research has led me to SQLCipher for Android:
https://guardianproject.info/code/sqlcipher/
However some of the posts online say that encrypting DB will not prevent someone from opening it, as an attacker can easily look up the key:
Android How to use SqlCipher with pre-bundled Sqllite Database?
To me if the key can be looked up then the point of encrypting a shipped db is pointless as it does not offer protection.
My question is:
Is SQLCipher the right approach to encrypt the DB in order to protect its data & model from attackers?
I am creating an android app, UI/UX and andoid work are finished. I am new to database setup. Can anyone tell me which type of database I should use to store descent amount of data like signup details and app using details. Should I use DBMS or RDBMS or SQlite? help me. Thank you.
In my point of view , you have to use SQLite for android apps.
There are several benefits in SQLite like :
SQLite is embedded into every Android device.
Using an SQLite database in Android does not require a setup procedure or administration of the database.
You only have to define the SQL statements for creating and updating the database. Afterwards the database is automatically managed for you by the Android platform.
I see a sqllite database in another application, why can't I just just drag and drop from that application to mine in the eclipse environment? that way I can use data already in that database?
Android doesn't do too well with using an sqlite database file directly. Generally the way to go around it is to package an sqlite database as a resource and on first create of the app to load that resource and then connect to it and then copy all the data out of it. The downside of this is you are essentially doubling all your data.
If you are the publisher of the other app then you can list the database as a shared database to share between your apps.
Share SQLite database between 2 android apps?
Noone has written an Eclipse plugin that does that. You can write one if you feel it is both useful and worth your time.
I have a sqlite database in asset folder of my android project. I made it with sqlite database browser and use it in my project. It contains some table with 4 columns. This is working great in my apk file. But problem is if someone want he can easily break my apk file and get my real database also. Now my question is how can I protect my database? Is there any way to set password or encrypt my database.
I searched this type of problem in stackoverflow.com and found some way. But I think those ways are for, when I creating database with code. If I create database or put data with my program I would make my own encryption method also (like shuffling characters). But, again I am saying, my database is pre made and I want to protect this?
In this situation can you help me please? Sorry for bad English.
You can protect your database with help of following libraries. And make sure you use Pro-Guard to protect your code which has encryption keys.
SQL Cipher for Android but its paid library.
SQLite Encript
Android Database SQLCipher
Edit
You should check this blog and OI Safe also .. :)
You can integrate Proguard in your android app. Here is official documentation for this Proguard It will save your apk file from attack.
You can also encrypt your data in SQLite. You can apply AES Encryption to data beforing storing it to database and decrypt data in your code files before accessing it. Yo can also use SQL Cipher to protect your database
Check this Link it will help you
I'm creating a 2d game for Android and i'm using sqlite database for storing game data.Rooted users can change database easily.So i have to encrypt the data and when someone change it i have to understand this.How can i do this?
Take a look to the SQLCipher project. It is an open source library that provides transparent, secure 256-bit AES encryption of SQLite database files.
The web site offers a tutorial for Android.
SQLCipher + user's password could be the right implementation. We need user's password to encrypt the db rather than using the hard-coded strings.