
Protect SQLite DB with password

I am working on an Android project in which I would like to prevent users from getting to the content of my app database.

There are 3 ways I think, but I don't know which one is the best and don't have any idea about how they should work.

My problem is I don't know which way is the best and how it works.

  1. encrypt all text and data to DB and decrypt when I want to use it!
  2. encrypt whole Database and decrypt when app needs it.
  3. use 3rd-party libraries like SQLCipher.

I am working on an Android project in which I would like to prevent users from getting to the content of my app database.

If it is on the user's device, it is the user's database, not yours. It would only be your database if it is on your hardware.

My problem is I don't know which way is the best and how it works.

All are ineffective for trying to prevent the user from accessing the user's data.

Your database should be on internal storage, the default location for SQLite databases. Most users cannot access internal storage to get at the database. The only ones who can are the ones that root their devices. Anyone with the skills and interest to both root their device and try to get at the database in your app will have the skills and interest to either:

  1. Reverse-engineer your app to find your encryption algorithm and key, or

  2. Upload the database somewhere and convince somebody else to reverse-engineer your app to find your encryption algorithm and key

If you do not want the user to have access to the database, do not put it on their device. Access it via Web services from a server of yours.

Tools like SQLCipher for Android are for defending the user's data against attacks. They are not effective as a DRM solution.

If you're going to encrypt the data at all, for goodness' sake, use a tested existing library instead of doing it badly yourself! For example, the author of SQLite itself sells an encryption extension (it's used in things like medical information systems), and there are a few other possible solutions too. (I googled for sqlite encryption and I'm sure you can too!)

However, be aware that holding both the encrypted data and the key to decrypt the data on the same non-trusted device is always likely to be troublesome; it's the DRM problem (i.e., you've put everything the user really needs to break things on the user's kit, and the user is relatively hostile). You should think about your application architecture; Android devices tend to be fairly well connected, so you can see if keeping the DB on a server somewhere that you control and only feeding little bits to the app (which it might cache, or not) is suitable instead.
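The server-side design both answers recommend, as an added example that is not part of either answer: the database stays on the server, and a request handler returns one record per authenticated call, with a per-token quota so a single client cannot copy the whole table. The table names, `issue_token`, `fetch_item` and the quota value are assumptions; the sample rows are constructed, and `fetch_item` is the function an HTTP endpoint would call.

```python
import hashlib
import sqlite3

# Constructed sample data: the content the app must not ship in full.
db = sqlite3.connect(":memory:", check_same_thread=False)
db.executescript("""
    CREATE TABLE items  (id INTEGER PRIMARY KEY, body TEXT NOT NULL);
    CREATE TABLE tokens (digest TEXT PRIMARY KEY, used INTEGER NOT NULL DEFAULT 0);
    INSERT INTO items VALUES (1, 'first record'), (2, 'second record'), (3, 'third record');
""")

REQUEST_QUOTA = 2  # assumed limit; caps how much one client can copy out


def _digest(token: str) -> str:
    # Store only a hash of each API token, never the token itself.
    return hashlib.sha256(token.encode()).hexdigest()


def issue_token(token: str) -> None:
    db.execute("INSERT INTO tokens (digest) VALUES (?)", (_digest(token),))


def fetch_item(token: str, item_id: int):
    """Return (status, payload) for one record; the DB file never leaves the server."""
    # Spend one unit of quota in a single statement, so concurrent calls cannot
    # overshoot. No updated row means the token is unknown or its quota is spent.
    cur = db.execute(
        "UPDATE tokens SET used = used + 1 WHERE digest = ? AND used < ?",
        (_digest(token), REQUEST_QUOTA),
    )
    if cur.rowcount == 0:
        known = db.execute(
            "SELECT 1 FROM tokens WHERE digest = ?", (_digest(token),)
        ).fetchone()
        return (429, "quota exceeded") if known else (401, "unknown token")
    # Parameterised lookup: the client chooses an id, never the SQL.
    row = db.execute("SELECT body FROM items WHERE id = ?", (item_id,)).fetchone()
    return (200, row[0]) if row else (404, "no such item")


if __name__ == "__main__":
    issue_token("constructed-demo-token")
    for item in (1, 2, 3):
        print(item, fetch_item("constructed-demo-token", item))
```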
