Android. How to protect your database?

Question

Hi,

do you know any ways how to protect your database in Android?

I consider following ways, but don't know whether it is possible to do:

1. access to database has only application owner (which created and serves it)
2. restrict or deny access to database to all applications during the usage session of DB owner application
3. are there any ways to password protect your database?

Test with sqlite3 showed that you can change database while other application uses it. So, I assume that possibly some external application can corrupt your data or use it which is bad.

And also how do you propose to process database exception that could occur during such simultaneous database usage:

1. show to user message and close
2. show to user message and continue working
3. just close ?

and after all this happens how do you propose to launch application next time?

Thanks

Answer 1

The android system automatically implements and enforces option (1) from your list. Every application on the phone/system has its own user ID, and no application can access the database files of any other application.

If you do want to share your data (with access controls), you can create a content provider, which can then be used by other applications: http://developer.android.com/intl/de/reference/android/content/ContentProvider.html

There are a couple of exceptions to the rules above:

1. In the emulator in the SDK, the adb shell gives you full access to the emulated phone's filesystem. This is not the case in a live android phone.
2. In a phone that has been "rooted", any application that gets root permissions can then access the db files of any other application (as well as anything else) - this is the cost/risk of rooting your phone, and is the device owner's responsibility.

Basically, you don't need to worry about it. Android will normally prevent these issues for you.