tags:

views:

45

answers:

4
+1  Q: 

Secure information contained on iPhone SQLite DB

I am working on an iPhone app that uses CoreData(with SQLite) to stores some sensitive biographical data that is downloaded via a Restful Web Services for offline use in the device.

I am worried that the competition could pay a subscription and extract the .sql file via SSH with a jailbroken device, and make copies of the data that has taken us so long to collect and maintain, and is the foundation of the service.

I was wondering if someone could suggest a way to make it more complicated for them to extract this data. I also store some HTML files with sensitive information in the Resources group that i would like to make harder to extract.

Thanks,

A: 

You could encrypt the data before your write it to the DB. Note that using encryption may have implications for selling your app in different countries around the world. This thread might be helpful to you.

joelm  2010-07-26 14:00:17
I'm sorry but this is a bit obvious, what isn't obvious is where is he going to put the key. (there is no safe place on a jailbroken device)
Rook  2010-07-26 15:47:28
+1  A: 

Security by obfuscation almost never works.

You should properly licence your application instead of trying to do this sort of thing. If someone really wants to have access to your sensitive data they will surely find a way to do it.

the_void  2010-07-26 14:18:18
A: 

The problem with a jailbroken device is that the attacker has more control than you do. There is no place where you can hide information, most importantly encryption keys.

There is nothing keeping your competition from stealing this data if the want to obtain it. You are looking for security though obscurity, and you are wasting your time. Consider a different business model.

Rook  2010-07-26 15:46:12
A: 

I would point out that under American and EU law, you can copyright a database i.e. a specific collection and/or order of information, even if the individual units of data exist in the public domain.

It's just like an encyclopedia. A encyclopedia is a collection of facts that belong to no one but the collection of facts constitute something that is copyrightable.

Copyright is the only possible protection against someone who buys access to the data in the software.

TechZen  2010-07-26 18:39:00

related questions

SQLite3::BusyException
How do I dump the data of some SQLite3 tables?
Database functionality with WPF app: SQLite, SQL CE, other?
SQLite UDF - VBA Callback
JavaScript sqlite
SQLite/PHP read-only?
Is there a MySQLAdmin or SQL Server Management Studio equivalent for SQLite databases on Windows?
What are the advantages of VistaDB
How Scalable is SQLite?
Programmatically access browser history
SQL Pagination
Metalanaguage to describe the Model from MVC to generate identical client and server side code
Java and SQLite
Is there a good IDE for SQLite ?
Does Visual Studio Server Explorer support custom database providers?
Objective-C: Passing around sets of data
What is the best way to connect and use a sqlite database from C#
Quick easy way to migrate SQLite3 to MySQL?
Why does sqlite3-ruby-1.2.2 not work on OS X?
T-Sql date format for seconds since last epoch / formatting for sqlite input
What's the best way of converting a mysql database to a sqlite one?
SQLite vs MySQL
Using SQLite with Visual Studio 2008 and Silverlight
Adobe Air - Using multiple SQLite databases at once
SQLite and XSD