SQLCipher vs Encrypting the data before storing in sqliteDB

Question

Is there is any difference in (encrypting the data before storing in sqliteDB) , (using SQLCipher along with sqliteDB).?

Because in both the case a hacker can able to get my passphrase(He might get from reverse engineering my code) and read my db, right?

Thanks,

score 1 · Accepted Answer · answered Feb 19 '14 at 15:02

1

Encryption using some hard-coded key is generally useless. Anyone who wants to can obtain that key through reverse-engineering.

answered Feb 19 '14 at 15:02

CommonsWare

then where can i keep my passphrase or key ?(FYI,my app works in offline also.) – Nasrudeen Feb 19 '14 at 16:19
1

@Nasrudeen: The user can keep their passphrase in their head, to protect their encrypted data. If, OTOH, you are attempting to prevent the user from getting data on their device, there is little that you can do to stop them. You're welcome to invest in tools like DexGuard to try to make it more difficult for somebody to reverse-engineer your app and find your passphrase, but it cannot and does not prevent it entirely. – CommonsWare Feb 19 '14 at 16:23

1 Answers1