Secure database storage in Android
Question
I'm implementing the in-app-billing system for my app and (as the documentation advices) I'd like to add some encryption system to the database.
I've tested SQLCipher , I liked it but since it need to override all the classes at android.database.sqlite.* your app loses the connection to that part of the SDK, losing possible important future updates and depending on the developer (or yourself since is opensource).
Other solution I've considered is to add a extra column in the sensible tables storing there a value (unique for each device), and then ignore the data that don't contain that key. But this method is clearly more weak.
How can I improve the security without using SQLCipher? Thanks
1 answers
solution1
1 ACCPTED 2012-10-26 22:51:31
If your sensible table contains columns that are sensible and some that aren't, and if you don't use the sensible columns in a where clause, the you can easly encrypt/decrypt just that sensible fields on write/read operations without a significant performance cost.
If you need to use sensible columns in your where clause in a table with just a few records, you can read all the records, decrypt and choose.
If none of the above aplies, then I have no other suggestion beside SQLCipher .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.