In my Android application I want to encrypt a db file. How can I do that?
The DB, normally, is stored in your application directory which is only accessible to the user-id assigned to your application.
I don't think there's any way to explicitly encrypt the DB using the android framework but an easier approach would be to encrypt the information you store in the DB. That works well if your user needs to enter some password to access the application and you can use this password to encrypt your information. But if your application doesn't require any password login then you will have to keep the encryption key in code and the security of your data will be compromised if some decompiles your application and finds the key.
Sun has an article that explains how to use AES encryption here. As far as I can tell all of the necessary libraries are available from Android.
Related
I have Android and iOS apps which need to post to social networks, like Twitter and Facebook, directly using users' accounts.
Is it safe to embed the API Key and Consumer Secret in source code (or put in a pref file) within the Android/iOS app? Wouldn't it be possible that some hacker can find the API Key and Consumer Secret?
Pref is never safe for storing your passwords, it have been seen simply in root devices you can encrypt your pass and then put in pref but still your encrypt key exist in code in my experience your codes are not safe too even you use ProGuard.it can decompile and normal developer(not even hacker) can find keys I suggest you never store passwords locally .
if you have to do this I suggest you
use complex code with multipart password that each part store in different location with encryption
also from api 23+ you can use KeyStore
use ndk and store pass in c form
and finally use Proguard and DexGuard.
How can i secure my application and also protect my database in application. Which means data is not accessed by other application or by reverse engineering. Like in banking application login data and other information is stored in app but we can not accessed. How to achieve this type of security in application.
Encryption is way to achieve security but there are many types of encryption. I am not getting to figured out that which encryption type is better for security in application.
You can use sqlcipher to protect your sqlite database
click here
I'm creating a dictionary app. I want to encrypt sqlite database (which has meaning for words) in my PC before creating the app. Then generate the apk file with that encrypted database, so that when somebody unzip the apk file, they only see encrypted database. Each and every time the user searches for a word, then the encrypted "meaning" of the word should be decrypted by the android app. I've gone through multiple threads, they talked about encrypting and decrypting the database in the phone. Please suggest me some safe methods to safeguard my hardwork.
There is no problem. Just encrypt before compiling the app, add the key to the app and decrypt in the app when needed.
Of course a competent attacker will be able to get the key.
Protecting assets from the device owner is very hard and generally requires DRM which is difficult and still not completely secure.
Actually, there should no need to encrypt any data on the mobile side because this sounds incorrect at the first place when you publish things should be secured around the world, you don't know how much the user device itself secure, and the user could be professional enough to crack your app and its security.
If you want something secured, secure it in your backend, and talk with your backend with api secured with https with headers have Auth token auto-generated for each user.
I want to encrypt the database before creating apk and decrypt it when
a user searches for a word.
If you mean decrypt inside your mobile and search inside your sqllite itself, why you encrypt it, if the code inside mobile will encrypt and decrypt, attacker even junior level one, will be able to hack your data!!
I'm working on an application which uses SQLcipher and it's offline, So its not possible for me to fetch Key from server to communicate with encrypted database.I have to store it securely somewhere within the device. One solution would be to store key in preference but if the phone is rooted on can gain access to these folders. Data used in application are highly confidential and I cannot let that get accessed. Would be great if you recommend things to sort this case. Thanks in advance.
You can use conceal library by facebook for the same.
https://facebook.github.io/conceal/
In developing an Android application that will store certain user date into a sqlite database, how should I handle a user password securely? How can I encrypt the password so that it does not appear "in the clear" in the database, but so I can decrypt it in the application when needed.
Storing user credentials in a database presents many security challenges. You may want to consider an alternative (e.g. using OAuth 2.0 Authentication). We don't need yet another Android app with security vulnerabilities. Here is a ref for OAuth 2.0 Authentication from Google.
While one alternative that many folks do use is to "hash" the username and password using an algorithm like SHA-1 (MD5 has some vulnerabilities, though it is also used often)
The best approach would be to store SHA-2 (or some other type of hash) of the password, and then compare those hashes instead of the actual decrypted passwords.
Storing passwords is a bad practice and is not secure even if they are encrypted. Remember, everything can be broken. The best you could do is to make things more difficult for the hacker.