I'm creating a 2d game for Android and i'm using sqlite database for storing game data.Rooted users can change database easily.So i have to encrypt the data and when someone change it i have to understand this.How can i do this?
Take a look to the SQLCipher project. It is an open source library that provides transparent, secure 256-bit AES encryption of SQLite database files.
The web site offers a tutorial for Android.
SQLCipher + user's password could be the right implementation. We need user's password to encrypt the db rather than using the hard-coded strings.
Related
I ship a database with my app, and I would like to protect the data model from others peeking inside. Basically I dont want anyone opening the db file besides the app itself.
My research has led me to SQLCipher for Android:
https://guardianproject.info/code/sqlcipher/
However some of the posts online say that encrypting DB will not prevent someone from opening it, as an attacker can easily look up the key:
Android How to use SqlCipher with pre-bundled Sqllite Database?
To me if the key can be looked up then the point of encrypting a shipped db is pointless as it does not offer protection.
My question is:
Is SQLCipher the right approach to encrypt the DB in order to protect its data & model from attackers?
Is it possible to encrypt the whole database? I'm currently using AES 256 ECB encryption for field level encryption. I need to know if there is any good option for encrypting the whole database.
Maybe this is what you are looking for:
SQLCipher is an SQLite extension that provides transparent 256-bit AES
encryption of database files.
Source: Android database encryption
You can also encrypt database with different available standard library.
we used below library it works very good..
One of them is : https://github.com/sqlcipher/sqlcipher
For Specific to Android : https://github.com/sqlcipher/android-database-sqlcipher
I have created a dictionary, currently store data in sqlite, asset folder. But that way, hacker can access to my database easily. I wonder if there any best way to store data in android, especially for dictionary which contains text and image.
You could use SQLCipher to encrypt the database.
More here: SQLEncrpytion
I have a sqlite database in asset folder of my android project. I made it with sqlite database browser and use it in my project. It contains some table with 4 columns. This is working great in my apk file. But problem is if someone want he can easily break my apk file and get my real database also. Now my question is how can I protect my database? Is there any way to set password or encrypt my database.
I searched this type of problem in stackoverflow.com and found some way. But I think those ways are for, when I creating database with code. If I create database or put data with my program I would make my own encryption method also (like shuffling characters). But, again I am saying, my database is pre made and I want to protect this?
In this situation can you help me please? Sorry for bad English.
You can protect your database with help of following libraries. And make sure you use Pro-Guard to protect your code which has encryption keys.
SQL Cipher for Android but its paid library.
SQLite Encript
Android Database SQLCipher
Edit
You should check this blog and OI Safe also .. :)
You can integrate Proguard in your android app. Here is official documentation for this Proguard It will save your apk file from attack.
You can also encrypt your data in SQLite. You can apply AES Encryption to data beforing storing it to database and decrypt data in your code files before accessing it. Yo can also use SQL Cipher to protect your database
Check this Link it will help you
I am creating an app with a prebundle database, i am using this tutorial to achieve the same,
http://www.reigndesign.com/blog/using-your-own-sqlite-database-in-android-applications/
Now how should i secure this prebundle db using SQLcipher? As in sqlcipher tutorials it assumes that you are creating a new database instead of using an exsisting one.
My aim is to prevent anyone seeing the content of my prebundle db.
This question has some techniques but it is not working for the guy
using sqlcipher to encrypt already existing database and opening it on android
Thanks
Pranay
My aim is to prevent anyone seeing the content of my prebundle db.
Then do not bother. Anyone can grab your encryption key out of your APK and decrypt the database. SQLCipher is to help the user defend the user's data against attackers.
If you do not want the user to have access to the data, do not put the data on their device.