I use a sqlite database in my project. The stored data in it must not be available for the user to edit. As I've read here I saw that if you have root access you can alter sqlite database. The only solution would be to encrypt database content, but this would be time consuming for device. Any solution to prevent access to database ?
I think you'd have to use some computationally cheap encryption for that. Afaik, there's no way to prevent a power user to access the contents of your db.
Or store the sensitive data on some protected remote server, not locally.
Related
I am storing my data in Realm DB, I wanted to know is it possible for a non-rooted phone user to see/edit this data or not ??
I am asking this as a security point of concern because when using Shared pref/SQLite on a non-rooted phone no one can see/edit the data.
If the user will be able to view the database depends on where you have saved the database. If you are not modifying the location of the database, then by default the realm database is stored at the same location as SQLite db. So, the user should not be able to view the file.
However, if you are placing the database in a custom folder accessible without root (like sdcard) the user will be able to view it.
For the safety purpose, you can encrypt the database. You can read more about it here
I am planning to switch to Firebase as my local and online database for my Android app. As per the docs, Firebase stores changes to the local database first and then pushed it to the online DB when network is available.
In my app, I would be putting some really sensitive data about the user in the database. So here are my questions,
How secure is the local Firebase database?
How difficult is it for a well-intentioned hacker with the right tools to hack it?
Is it just a simple JSON file like the online database, which anyone with root access can open?
Thanks.
In a general sense, Firebase Realtime Database can be used while offline. However, the expectation is that the app is supposed to be connected most of the time, and changes to the database that happen while offline will be synchronized when it has connectivity. 100% offline use is not really a supported use case, because the canonical data store is on the server.
The local copy of the database is limited to (10MB, at least on Android this is the case). If you intend to write to the database beyond this limit while offline, it will evict part of your cached data to make room for whatever you’re adding. Then, you will no longer be able to read those evicted values until the app goes back online. Worse, managing a growing list of writes to apply when back online is taxing on the app, so you don’t want to plan a lot of writes while offline.
Also, if you have permissions or validations defined for your database, these can only be checked on the server. So, if you’re doing offline writing to your local cache and you no longer have an active listener, you may never know if those writes fail.
Because of these caveats, it’s better not to think of Firebase Realtime Database as an “offline” database. It’s better to think of it as a “synchronized” database that actively syncs to the server while connectivity is present.
What I need the app to do is to store data in a database and let any user fetch the data. I am not sure how SQLite works but from what I know is that it is server-less. With the database being serverless, how do multiple users, other users, access the same data if it is not stored on a server?
look for backend and a service - parse.com or similar.
SQLite is installed on all android systems, and any app which wishes to create and use a database may do so. This however, is only stored locally on the device.
If you wish to share and synchronize data across multiple devices, that is a different issue all to itself. Indeed it will very likely involve a central server somewhere along the line.
Perhaps start your reading at d.android.com
I'm making a simple GPA android app. The user can input their grades and class names for each semester. How would I then store each of these semesters so that they can always be pulled up in the app? I might also need to store random variables that are alone.
I've briefly looked at options such as Shared Preferences, Internal Storage, and others. What option is the best for my needs? Please explain why. Thanks!
Here is Explanation...
Shared preferences are good for storing ... an application's preferences, and other small bits of data. It's a just really simple persistent string key store for a few data types: boolean, float, int, long and string. So for instance if my app had a login, I might consider storing the session key as string within SharedPreferences.
Internal storage is good for storing application data that the user doesn't need access to, because the user cannot easily access internal storage. Possibly good for caching, logs, other things. Anything that only the app intends to Create Read Update or Delete.
External storage. Great for the opposite of what I just said. The dropbox app probably uses external storage to store the user's dropbox folder, so that the user has easy access to these files outside the dropbox application, for instance, using the file manager.
SQLite databases are great whenever you a lot of structured data and a relatively rigid schema for managing it. Put in layman's terms, SQLite is like MySQL or PostgreSQL except instead of the database acting as a server daemon which then takes queries from the CGI scripts like php, it is simply stored in a .db file, and accessed and queried through a simple library within the application. While SQLite cannot scale nearly as big as the dedicated databases, it is very quick and convenient for smaller applications, like Android apps. I would use an SQLite db if I were making an app for aggregating and downloading recipes, since that kind of data is relatively structured and a database would allow for it to scale well. Databases are nice because writing all of your data to a file, then parsing it back in your own proprietary format it no fun. Then again, storing data in XML or JSON wouldn't be so bad.
Network connection refers to storing data on the cloud. HTTP or FTP file and content transfers through the java.net.* packages makes this happen.
Considering this i suggest you to use Sqlite especially in your case.
Best luck
it depends on your need, some times you use all options in the same app,
for example : the best way to store grades and classes is using database, in android SqlLite database.
and for storing some variables values like username and password you just need to use shared preferences.... at least this is my policy in my apps.
SQLite will be the best for your scenario.
As you can create well formatted Tables with desired columns. Either you can use pre-developed database or you can create tables on the go.
Hello I have an android application. In my app I have a SQLite database stored on the device that should be synchronized with a MySQL database stored on the server.
Now I have to retrieve a list of IDs. I can do it querying the SQLite database or the MySQL database. I chose to use the SQLite database because it'd be much faster and easier considering what I have to do. But now I was thinking about it and I have a question: Are the android SQLite database files safe? I mean is there a possibility that someone access these files and modify information inside them or are they hidden to users?
Because if I ask information from the server I'm sure that it is safe, instead I don't know the security level of android databases.
Let's suppose that each ID corresponds to an application ID I paid for (for example application 3 and 5). When I find a way to modify the android database and so adding also application 7 and 8 it would seem to the device that I've paid also for these applications instead I didn't and I can't use them. That's why I was thinking to query the MySQL database, because the user can't modify it, but this way it's gonna be slower. What do you think?
Ideally data stored in your apps private /data directory would be private, but if someone roots their phone they have unfettered access to it. Its best to design based on the assumption that your on-phone database is unsafe without encryption and even then it's still possible that users can try to break in.
With a rooted device, a user could easily add / remove / modify existing records in the database.
One thing you could do, is compute an MD5 hash of the rows in your DB and compare it against a hash you have stored on your MySQL server for that particular user before accepting the "paid" values of your local cache database. This approach may or may not be acceptable to you because obviously it requires an internet connection.
Please check these option too, they might help anyone who want to secure the database.
SQLCipher for Android
1- android Sql3 wrapper library
2- libsqlite3_jni.so
also please read the article below are make your search on the option above, i hope this would help much.
http://www.findbestopensource.com/product/sqlite3-android
Note:
you can secure your device fully as if the device will be rooted by anyone. So use some other secure way like secure the database with 2 factor authentication and password protected.
In case someone rooted your device at least you should have some password protected file .