Encrypt SQLite database without increasing app size?
Asked Answered
C

4

9

Is there any way to encrypt the database of my android app with less increase in app size? I have tried SQLcipher, but it is increasing the size of my app by 10MB which is huge.

Compander answered 11/7, 2014 at 6:51 Comment(0)
C
3

The increase of 10MB in your APK when using SqlCipher can be avoided by shipping a separate APK for each Android architecture you want to target.

For performance and cross platform support reasons SqlCipher is implemented in C code and built as a native Android .so library using the Android NDK. A different library is built for each Android architecture it supports, which in the case of SqlCipher are:

  • armeabi
  • armeabi-v7a
  • x86

To minimize the file size increase caused by SqlCipher you can build a seperate APK that only includes the architecture that matches your users device. Take a look at the Android developers site on how to publish multiple APK's targeting different device configurations.

During my testing following this technique reduced my APK from 10MB to 4MB.

For further information this article details how to implement SqlCipher on Android and explains the file size increase.

Corissa answered 23/4, 2015 at 5:36 Comment(0)
B
2

It depends on your actual needs but a simple way would be to encrypt/decrypt the data itself before you write to / read from the database. This would have minimal impact on the apk size but there's more effort needed on your side.

If high security is required, just accept the 10MB and get on with life :-)

Brunell answered 23/4, 2015 at 6:1 Comment(1)
Does encrypting each value by using the same cipher reduce the security? I mean, many many data with identical cipher could be a clue for cryptanalysis?Immedicable
P
0

There are two main databases are widely used currently for Java/Android applications. In this case, SqlLite and H2 Database. According to SQLite vs H2 DB we can see a set of differences features between both databases. For example, both databases has ACID features, transactions, referential integrity and Unicode representation. However, only the H2 Database has Encryption Data, Brute-Force Protection and Native Network Encryption.

This Encryption mechanism uses the AES algorithm where the database files can be encrypted. As H2 Database uses AES to emprypt data files, in general, we can infer that it can be lightly slow than SqlLite because en[de]crypt parses used by the AES. So, en[de]crypt can add an overhead cost in terms of efficiency when was used the H2 Database.

In summary, H2 Database can be an useful alternative to small projects when encryption data is important. In addition, it is important to notice that more experimental (empirical benchmark) is important to do conclusions about performance issues that involving booth databases. Notice that small and lightly slow are subjective since we need experimental evaluation to be more precise to compare both (or others) databases.

Some useful references used:

Predestination answered 1/4, 2015 at 11:43 Comment(0)
N
0

if you are using gradel, include an abiFilter in the gradle configuration, e.g.

ndk {
    abiFilters "armeabi", "armeabi-v7a"
}

If that doesn’t reduce the size enough you will need to reconsider using SQLCipher to provide your application with local data encryption.

Namangan answered 22/8, 2018 at 7:52 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.