I haven't been able to find a way to open a password-protected SQLite database on Android. Since the device can easily be rooted, I am thinking of password protecting the database file. However, I am not having much luck finding anything built into the Android platform.
I don't think that Android framework supports password protection on databases. Your best bet is to encrypt your data. See SO question: Android Sqlite Password Encryption
You can encrypt SQLiteDatabases. Android does not support full-database encryption so you'd have to implement that yourself if you want to.
If you want to go down the encryption route, you're much better off just encrypting the sensitive information yourself and storing it in a database field, as per Morrison's answer.
All that said -- where are you putting the password for the encryption function? You'll probably need it somewhere in your application! In which case someone can just disassemble your code and then find the password, and decrypt the info (although it will be a bit more work).
Unless you're hashing info (one-way) then without hardware encryption on a device (and even that has flaws) you cannot store anything on the device perfectly securely -- you're always going to need to decrypt the info some time and for that the password has to be on the device somewhere.
If you want really robust security then store sensitive information on a server (preferably in a really secure location), not the device, and only communicate between the device and server over encrypted channels (HTTPS). You'll also need to authenticate the device in a secure manner. But to do that you need to store some sensitive information ON the device in order to authenticate the device with the server, unless you force the user to enter a password every time (recommended if security is a must).
If the information is stored on a server you can't necessarily prevent someone who shouldn't gaining access (by finding the password you have stored or phishing the user if it's stored in their head), but you can revoke access to the information.
Related
I have an Android App where a user enters some sensitive information in the form of text. I need to store this data on a remote server, to be retrieved by that user from a different device. I want to secure this data against everyone other than that user, especially a rogue database admin - the user should be the only one capable of recovering the information.
My approach is, SALT will be generate in Android app and every sensitive data will be hashed with this SALT and will be stored for later decryption to get the actual raw data.
Is this the correct approach? or Any better approach for this?
If yes,
What if the user change the device?
How to use the same SALT in the new device as SALT cannot be saved in database?
Update: Sensitive data needs to be stored in Firebase Database.
Disclaimer
I'm not a security professional. I'm not an expert. I'm just some random developer on the internet who's done some reading in the past and took a stab at answering your question. Head over to the information security stackexchange if you want more reliable information.
A user enters sensitive information into your program. You want them to be able to recover it later, so you must save it somewhere. How to handle this?
Where to save it?
On the device if it doesn't need to be accessible from elsewhere.
On a server if the user might need to access it from a different device (or recover it).
How to secure it?
Encrypt it.
What to encrypt it with?
A standard, secure algorithm (such as AES), and a key derived from a user provided password.
But users tend to come up with poor passwords. If we're sending this to a server, and the database might be compromised, how to protect against brute force attacks?
Employ a key stretching algorithm, such as PBKDF2.
How secure is this, really?
Well if the user picks a poor password, and then your database is compromised, brute force will be relatively easy.
If the password ever leaves their device (like if you, say, reused the same password for the app to log in to your servers or something) then you're treading in dangerous waters.
I want to save some sensitive data (for example, Windows network ID/password) encrypted on an Android device. I am not trying to protect the data from the user; I am trying to protect the data on behalf of the user. I want the data remain encrypted as long as the user has not logged in, so that if a bad person gets access to the physical storage and try to read the data bypassing the OS's authentication.
On Windows and .NET, one can use "System.Security.Cryptography.ProtectedData". The data is encrypted by the Windows account so it does not require an encryption key. If the encrypted data is stored on the disk, you cannot decrypt encrypted the data, even if you bypass the OS by attaching the disk to another computer or booting into another OS.
I have searched Google and Stack Overflow, and most answers directed Account Manager. But I think Account Manager is not good for my case, because I do not want this data to appear in the Settings > Accounts, or used by any other apps. I can encrypt the data using my own code and encryption key, but then the data can be decrypted on another system running my app (I can prevent this but it would need extra ideas and work and be vulnerable to reverse engineering).
What could be the best choice in this case? If there is no such convenient thing like ProtectedData on Android, is there any unique key that I can use for encryption? It must be unique to that account on the device, and not guessable.
I'm developing a video game for Android. It will be an online game, which would save user's statistics, achievement, objects, etc. in the local SQLite database.
Thinking about the security... I read that a user can edit all his/her databases saved in a rooted Android device. I would not want the user to be able to edit the database of the game.
So, what can I do? Is there any option to make the DB really secure? Password? Encryption?
Thanks
A determined attacker can get at any data on the device. If you're encrypting data on the device before putting it in the database, then you have to have keys on the device and a determined attacker can get at any keys that are stored in the devices memory or persisted.
The only way encryption would help is if neither the encryption nor the decryption happens on the untrusted device -- merely the storage. You can encrypt the sensitive data on a machine you trust, storing the encrypted bits in the database for later decrypting by a machine you trust.
You can't use a password to secure this either. Passwords stored in the device memory or persisted on the device can be read as easily as private encryption keys.
If you don't care whether the user reads data from the DB, but don't want them to be able to write data, you could have critical data signed by a trusted machine before being stored. Then if the device connects to a trusted machine, it can check the signature to verify that that critical data has not been tampered with.
EDIT:
You can't trust any computation performed on an untrusted device unless you're willing to go to fairly extraordinary lengths -- the only thing you can do is verify data routed through an untrusted system via signatures, and prevent eavesdropping by an untrusted system on data passing through it via encryption.
If there's nothing online, I'm not sure what you can do. You can make it more difficult, but I'd say its unlikely to be absolutely secure. I think what I'd do is take a snapshop of the db at a checkpoint, and send that off to the server, and (basically) check that the data hasn't been changed by a user. If the hashes don't look right, you can cripple the account (or whatever).
I wouldn't get too crazy, though, unless you have a serious game.
SQLite data encryption is possible, for more detail see this.
This may also help.
I want to hide some data that is entered by user in user's phone encrypted. As far as I know I can encrypt/decrypt data using a key/seed value, but if I hide the key value in code, I know it can be found somehow (e.g. decompiling the Java code).
Do you have any suggestions to make the process harder?
It is impossible to hide the key in the app such that a resourceful hacker won't be able to pull it out. You can try to obfuscate the key and make it difficult to find but it will always be do able.
See this: https://www.excelsior-usa.com/articles/java-obfuscators.html#examples
The best option would be to require your users to specify a PIN or password and to use that as the encryption key. That way if the device is lost or stolen the key is still safe and it also prevents someone from decompiling your app and getting the encryption key for all instances of your application.
One of the new features in Ice Cream Sandwich (Android 4.0) is the keychain API. From the Platform Highlights page (emphasis mine):
Android 4.0 makes it easier for applications to manage authentication
and secure sessions. A new keychain API and underlying encrypted
storage let applications store and retrieve private keys and their
corresponding certificate chains. Any application can use the keychain
API to install and store user certificates and CAs securely.
If you're doing this for username/password data, you should checkout implementing an Authenticator.
Since android does not have any secure storage on it ( at least as of 2.2), you would have to write your own.
The only way to do this really securely is to encrypt with a key derived from a user supplied password (PBKDF2/ RFc2898 being the way to that). Crypto is only as secure as your key and if you store that on the phone in anyway, then someone can find it and use it. This allows you to have the user store the key without actually remembering a large AES key.
There may be libraries that do this for android. I wrote one for windows phone that can be found here if you want some basis for how to do it.
If encryption/decryption all happens on the handset, a determined hacker will be able to crack it. You can make life harder by using obfustication, or (if appropriate for your application), adding user input into the encrypt/decrypt code.
If your application requires network connectivity, it might be worth off-loading some of the code to a server running elsewhere, so that encrypted data lives on the device, but keys are downloaded at run-time. Still not hack-proof, but it reduces risks to confidential data on a stolen device.
I'm currently trying to build an authentication application in Android which stores users' username and password in the memory. Since sensitive information is stored, it would have to be encrypted.
And also the point is that the user does not need to enter a password, I would like to make it such that there is no master password for the app, assuming that the handset is secure.
As such, the encryption key would have to be stored somewhere. My question is, is there any mechanism in iOS/Android that protects my encryption key from being read by a malicious application with root access?
EDIT: I think it should be possible since web browsers store passwords, and I haven't heard a way to extract them.
NO, the user of your application has more control over the platform than you do. Or in this case if the phone was stolen, the new user has full control over the device. There is no place to hide a secret on any device. The same is true for desktop applications, mobile applications and web browsers.