-3

I have an android app with a SQLite database of 100k+ lines, populated from a *.db file in assets folder.

I would like to make harder the database to be pulled out from the device.

First, what are the ways for someone to pull the database ?

  • he can get the APK and extract the *.db files from assets folder

  • once the app launched, the device's sqlite server can be queried

So, what are the ways to make the database harder to pull :

  • Encrypt *.db files in assets folder

  • SQLCipher for Android ? Anyway, I dont wan't the user to have to type a password, I (the client) just want to make harder the SQLite to be pulled, like storing the password in the code and using proguard to make it hard to find

Regards

Julien D
  • 1,259
  • 9
  • 22

2 Answers2

2

Well if you want to protect the file must be on "Root" directory of android. For that, you need to download ".DB" file from the server and move it onto "root" directory. However, this needs an internet connection for the first time app running

Another way is to use,

SQliteCrypt - with SQLiteCrypt you can encrypt the SQLite database and User do not need to enter the password you can set the key in java file when extracting the data.that will be more secure, fast and reliable.

Parth Bhatti
  • 468
  • 1
  • 7
  • 19
  • Do you think that a 3rd party app can write this root folder ? This is the first point. But then, I also need to restrict access to the SQLite android server, which is a seccond point to be treated equally. – Julien D May 14 '18 at 13:55
  • 1
    every 3rd party app has its own "root" folder which is accessible by that package only (no other package or no end user can access it). – Parth Bhatti May 15 '18 at 06:10
0

I don't know why I have been downvoted, but I think there is no better alternative than initially suggested, to protect data.

Julien D
  • 1,259
  • 9
  • 22