views: 113

answers: 4

Hi,

I'm developing an application which stores sensitive user data. My issue is that, using another application, a user can view the stored data. So I need to provide better security for the data.

Is there any way to provide better security for the SQLite database and table? I'd really appreciate your comments.

Thanks,
Chandana

+1  A: 

Encrypt your data before you enter it in the database. As far as I know, the SQLite database is kept in a single file somewhere in the /data/ directory. What is more, your data is kept in plain text format. This means that it will always be possible for someone to extract that data by rooting the phone, obtaining the .db SQLite file and opening it with a text editor.

So, encrypt your data :)

-- Okay, maybe not a text editor, but a simple hex editor. Anyways...

Shade
Anyone capable of rooting their phone is capable of decompiling the APK and getting the decryption key.
CommonsWare
@CommonsWare: Well, yes, but propose a better way. We are talking about securing an SQLite database. If the question was about overall data security, then storing the data on a backend server somewhere (communicating over a secure connection) would be a better approach.
Shade
@Shade: There is no "better way". Anyone capable of rooting their phone is capable of decompiling the APK and getting the decryption key. Encrypting the database may secure you against some percentage of people (those who know how to root but do not bother hunting for the decryption key). It is a fairly fundamental rule of security that you cannot completely secure data against a user that holds the device in question.
CommonsWare
@CommonsWare: I completely agree with you. However, when we limit ourselves to the actual question (concerning data, that is being stored in a SQLite database and a 'way to provide better security for sqlite database and table' is being sought), then, do you propose a better way of improving the security? Apart from that, yes, physical access is root access.
Shade
A: 

Why are you keeping sensitive data on the phone? If it's sensitive, why not send it back to the server where you have control over things? If the user roots their phone, they can basically do what they want. Other than that, encrypting like Shade mentioned would probably be your only option...

Ben
A: 

You could encrypt the data using a user-specific salt retrieved from your server. That way, even with root access you would need the user's salt to decrypt the database. Since you have control over the salt, you provide an extra layer of security; however, your user will always need a network connection to access their data.

ryangavin
A: 

The author of SQLite offers a version that encrypts data. It's not free, though.

Jay