Android uses a SQLite database to store data. I need to encrypt the SQLite database; how can this be done? I understand that application data is private. However, I need to explicitly encrypt the SQLite database that my app is using.

A: 

Why not just encrypt that data going into the database and only store the key for some-odd amount of time before having the user re-enter it?

Check out http://www.androidsnippets.org/snippets/39/

Ryan
How to encrypt the schema then? The schema would still be visible to an intruder.
A: 

What you want is not possible. First, there's no way to write it -- Ryan's answer is the closest you can get. Second, anybody who has the ability to access the database file will have the ability to decrypt it, by simply ripping the encryption key/algorithm out of your application.

CommonsWare
Just to pick nits... that isn't necessarily true. The DB could be stored on the SDCard (which is easily accessible) while it requires root access to even be able to touch the app (assuming it's protected).
fiXedd
That's precisely my case; I store the DB on the SDCard.
A: 

http://sqlite-crypt.com/ may help you to create an encrypted database. Though I've never used it on Android, it seems to be possible with the source code.

dtmilano
A: 

If the database will be small, then you could gain a small amount of security by decrypting the whole file to a temp location (not on sd card), then re-encrypting when you've closed it. Problems: premature app death, ghost image on media.

A slightly better solution is to encrypt the data fields. This causes a problem for WHERE and ORDER BY clauses. If the encrypted fields need to be indexed for equivalence searching, then you can store a cryptographic hash of the field and search for that. But that doesn't help with range searches or ordering.

If you want to get fancier, you could delve into the Android NDK and hack some crypto into C code for SQLite.

Considering all these problems and partial solutions, are you sure you really need a SQL database for the application? You might be better off with something like a file that contains an encrypted serialized object.

Mark Borgerding
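
An added example, not code from any of the answers above, sketching the field-level approach from the last answer: the value is encrypted with AES-GCM for storage, and a second column holds a hash used only for equality lookups. It assumes a keyed hash (HMAC-SHA256) in place of a plain hash so that low-entropy values cannot be guessed by hashing candidates; the class name, method names and the `email_idx` column are hypothetical, and where the two keys are kept is left open.

```java
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
// Added illustration; class, method and column names are hypothetical.
public class EncryptedField {
    private static final int IV_LEN = 12, TAG_BITS = 128;
    private final SecretKeySpec encKey;   // AES key for the stored value
    private final SecretKeySpec indexKey; // separate HMAC key for the lookup column
    private final SecureRandom rng = new SecureRandom();
    public EncryptedField(byte[] encKeyBytes, byte[] indexKeyBytes) {
        encKey = new SecretKeySpec(encKeyBytes, "AES");
        indexKey = new SecretKeySpec(indexKeyBytes, "HmacSHA256");
    }
    // BLOB column value: random IV followed by AES-GCM ciphertext and tag.
    public byte[] encrypt(String plain) throws Exception {
        byte[] iv = new byte[IV_LEN];
        rng.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, encKey, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, IV_LEN + ct.length);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return out;
    }
    public String decrypt(byte[] stored) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, encKey, new GCMParameterSpec(TAG_BITS, stored, 0, IV_LEN));
        byte[] pt = c.doFinal(stored, IV_LEN, stored.length - IV_LEN);
        return new String(pt, StandardCharsets.UTF_8);
    }
    // Indexed column value: deterministic, so "WHERE email_idx = ?" matches,
    // but it carries no ordering, so range queries and ORDER BY still fail.
    public byte[] lookupHash(String plain) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(indexKey);
        return mac.doFinal(plain.getBytes(StandardCharsets.UTF_8));
    }
    public static void main(String[] args) throws Exception {
        byte[] k1 = new byte[32], k2 = new byte[32]; // random demo keys only
        SecureRandom r = new SecureRandom(); r.nextBytes(k1); r.nextBytes(k2);
        EncryptedField f = new EncryptedField(k1, k2);
        String email = "alice@example.com"; // constructed sample value
        System.out.println(f.decrypt(f.encrypt(email)));
        System.out.println(Arrays.equals(f.lookupHash(email), f.lookupHash(email)));
    }
}
```

Because the IV is random, two encryptions of the same value produce different stored bytes, which is why the separate deterministic column is needed for lookups. The table and column names remain readable, as noted in the comment on the first answer.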