SQLite database security

6

24

I'm developing an application which will be storing sensitive user data. My issue is that a user can view that stored data using other applications. So I need to provide better security for the data in general.

Is there any way to provide better security for SQLite database and tables?

Wadesworth answered 29/6, 2010 at 11:35 Comment(0)
6

The author of SQLite offers a version that encrypts data. It's not free, though.

Vamp answered 29/6, 2010 at 17:38 Comment(1)
@Vamp is correct -- the license is a perpetual license for $2000 USD. - Takahashi
16

Encrypt your data before you enter it in the database. As far as I know, the SQLite database is kept in a single file somewhere in the /data/ directory. What is more, your data is kept in plain text format. This means that it will always be possible for someone to extract that data by rooting the phone, obtaining the .db SQLite file and opening it with a text editor.

So, encrypt your data :)

-- Okay, maybe not a text editor, but a simple hex editor. Anyways...

Ballocks answered 29/6, 2010 at 11:43 Comment(5)
Anyone capable of rooting their phone is capable of decompiling the APK and getting the decryption key. - Case
@CommonsWare: Well, yes, but propose a better way. We are talking about securing an SQLite database. If the question was about overall data security, then storing the data on a backend server somewhere (communicating over a secure connection) would be a better approach. - Ballocks
There is no "better way". Anyone capable of rooting their phone is capable of decompiling the APK and getting the decryption key. Encrypting the database may secure you against some percentage of people (those who know how to root but do not bother hunting for the decryption key). It is a fairly fundamental rule of security that you cannot completely secure data against a user that holds the device in question. - Case
@CommonsWare: I completely agree with you. However, when we limit ourselves to the actual question (concerning data that is being stored in a SQLite database, where a 'way to provide better security for sqlite database and table' is being sought), then do you propose a better way of improving the security? Apart from that, yes, physical access is root access. - Ballocks
Using a one-way hash and not actually storing it on the device is a better approach. Just compare the data in question after hashing it. This way, if the device is lost, they may have your information from the phone, but they are going to be hard pressed to get anywhere else with it. I like MD5, but there are lots of hash algorithms. - Tattle
13

Check out SQLCipher for Android. It's free (Apache 2 and BSD licences).

PS.: Some ORMs also support SQLCipher now, e.g. our greenDAO.

Punner answered 22/5, 2012 at 10:47 Comment(0)
6

You could encrypt the data using a user-specific salt retrieved from your server. That way, even with root access you would need the user's salt to decrypt the database. Since you have control over the salt, you provide an extra layer of security; however, your user will always need a network connection to access their data.

Whortleberry answered 29/6, 2010 at 17:36 Comment(0)
2

Why are you keeping sensitive data on the phone? If it's sensitive, why not send it back to the server where you have control over things? If the user roots their phone, they can basically do what they want. Other than that, encrypting like Shade mentioned would probably be your only option...

Genic answered 29/6, 2010 at 16:52 Comment(0)
0

A good way to protect the database is to use a password-protected database, and you can create it by using

1- android Sql3 wrapper library

2- libsqlite3_jni.so

Also, please read the article below or search on the options above. I hope this helps.

http://www.findbestopensource.com/product/sqlite3-android

Kreisler answered 14/12, 2012 at 11:26 Comment(0)
