Is it necessary to encrypt the sqlite db that goes with your Android app?
As Michael commented, it depends whether the data is required to be encrypted, but in general, it's better to encrypt the data and then store it in the database then encrypt-decrypt the whole database.
Related
I want to secure my sqlite database.
I searched a lot but ended up with the suggestions of using SQLCipher.
Is there any new advancement in this field other than SQLCipher?
Please suggest.
If you don't want to use SQLCipher, One thing you can do is encrypt your data before storing it in the database and decrypt it at runtime when populating it.
You can use a encryption key that you can store on Firebase and retrieve it from there at your app startup, this will add another layer of security to your encryption because the key will not be exposed inside the app if someone decompiles the app.
I'm securing my database on my own, procedure is following:
ORMLite used as ORM (platform independent ORM over SQLite)
All sensible data stored in BLOB's
BLOB's secured using standard encryption technique, e.g. com.madgag.spongycastle works well under Android
Decompile this app or this. You can't see the database(words, Synonym or ...). I wrote a dictionary app and my words are in the SQLite database. After decompiling the app, the person can see the database (words or ...).
How do I hide the database? Like Oxford Dictionary and other dictionaries?
Do these apps use SQLite?
Did I convey my mean clearly?
If you want offline data, you have to encrypt your database. Use a database that you can encrypt, such as Sqlite. DB Browser for Sqlite will help you encrypt your database.
https://sqlitebrowser.org/
Or if you want an online database, then you have to use a backend such as Firebase or Amazon AWS.
You have one option:
Store your words online (in Firebase for example) at first launch you download all the words and store it on SQLite (or Room database) and you are ready to go. By using remote server the download size of your apk also become smaller!
I wrote my sqlite database then i imported to my application,
I used this ,and it works fine.
after that I recognized that my database is unencrypted, so with any root phone can access it.
so i suggested this way:
1- encrypt my database with key then
2- return it to my application then
3- use encryption key in my code to decrypt database then
4- I use proguard to encrypt my code(because my code has the encryption key).
does this way is correct?
yes, how to do it?
no, what I must to do?
I read about sqlcipher, but I think this technique to encrypt database from creation.
is Full Database Encryption for SQLite
sqlcipher
here is example
I have a sqlite database in my app which I don't like others to extract and use it without my permission.
If this is impossible, can I use another DMS (instead of sqlite) which has this possibility?
is there any way to have an encrypted sqlite database?
You can help the user defend the user's data via something like SQLCipher for Android.
I have a sqlite database in my app which I don't like others to extract and use it without my permission.
An encrypted database, whether SQLCipher or otherwise, will not block access to the data. Your passphrase for the encryption will have to be in the app. That passphrase can be found by reverse-engineering your app. While you can use tools like DexGuard to try to make reverse-engineering more difficult, if somebody is interested in the data, they can get to it.
I use a sqlite database in my project. The stored data in it must not be available for the user to edit. As I've read here I saw that if you have root access you can alter sqlite database. The only solution would be to encrypt database content, but this would be time consuming for device. Any solution to prevent access to database ?
I think you'd have to use some computationally cheap encryption for that. Afaik, there's no way to prevent a power user to access the contents of your db.
Or store the sensitive data on some protected remote server, not locally.