5

I am making an app with a 28 MB SQLite file, which is initially in the assets folder of the Android project. When the app is installed by the user, the file is copied to the system folder. This DB is most important for me. If anyone can get this file, then he can steal my information.

When you unzip the APK file, you will easily get the SQLite file. Is there any way to protect it, hide it, or encrypt it so a programmer or hacker can't get the DB easily by extracting the APK file?

Noam Rathaus
Ekram
  • [This](https://guardianproject.info/code/sqlcipher/) could be of interest. It's not 100% hacker proof (no way is), but stops most casual access. – Joachim Isaksson Dec 30 '13 at 15:06
  • See also http://stackoverflow.com/questions/13854425/how-to-avoid-reverse-engineering-of-an-apk-file, which has a lot of insight – Noam Rathaus Dec 30 '13 at 15:06
  • 1
    The only way to secure it is to make it external, i.e. serve it. You could encrypt it and request the key from an external resource, but any authorised user could still get at it. You can't lock an authorised user out of their own system. – Tony Hopkinson Dec 30 '13 at 15:07

4 Answers

12

You cannot completely protect your SQLite DB, as someone can reverse engineer your code and read the content of your protection mechanism.

You can take alternate paths:

1) Make the DB online, i.e. don't put it with your app, have your product contact your DB and query it

2) Encrypt the data in the SQLite DB, and decrypt it on the fly inside your code - this will make it harder to just steal your SQLite file; it is not perfect, but it is better than nothing

Noam Rathaus
  • 1
    But someone can go to that URL and download that DB file, and can understand the encryption/decryption technique and read it... – Shabbir Dhangot Jul 05 '14 at 09:15
  • Encrypting data in SQLite is a bad idea. Decryption on the fly is computationally expensive and would make the application (unusably) slow. – sjsam Oct 14 '20 at 19:51
3

Maybe SQLCipher is your friend. See here. It provides 256-bit AES encryption.

Phantômaxx
1

I would encrypt the data in the SQLite, it's impossible to make it absolutely unbreakable but you can make it a pain to try and crack it. Look up AES encrypt/decrypt for proper encryption, you would need to encrypt and decrypt it every time it's used though.

I'm also not a 100% on this but if you use your raw folder for the db it should be harder to get at.

Pontus Backlund
0

You cannot completely protect your SQLite DB. For me, I prefer:

1- corrupt the db file (convert it to byte array and change some values)

2- copy it in asset folder

3- in first run fix corrupted file from asset and copy it in database folder.

I change the first 200 byte values like this:

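        // b holds the database file as a byte array; swap each adjacent pair
        // of bytes within the first 200 bytes.
        int index = 0;
        for (int i = 0; i < 100; i++)
        {
            byte tmp = b[index];
            b[index] = b[index + 1];
            b[index + 1] = tmp;
            index += 2;
        }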

As I just replace the values of the first 200 bytes, the same code is used for fixing the first 200 byte values.

farhad.kargaran
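
Added example, not code from any of the answers: a Java sketch that applies the byte swap from the last answer and the AES approach suggested in the earlier answers to the same constructed 4 KB stand-in for the database file, then checks whether a row value is still readable. The class name, sample row value and random key are assumptions; how the app obtains the key is left open, as the answers and comments discuss.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
public class AssetDbProtectionDemo { // hypothetical class name
    // The swap from the last answer: exchange each adjacent pair in the first 200 bytes.
    static void swapFirst200(byte[] b) {
        for (int i = 0; i < 200; i += 2) {
            byte tmp = b[i]; b[i] = b[i + 1]; b[i + 1] = tmp;
        }
    }
    // AES-256-GCM over the whole file. Output layout: 12-byte random nonce || ciphertext+tag.
    static byte[] encrypt(byte[] key, byte[] plain) throws Exception {
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, nonce));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(nonce, 12 + ct.length);
        System.arraycopy(ct, 0, out, 12, ct.length);
        return out;
    }
    // Throws AEADBadTagException if the key is wrong or the blob was modified.
    static byte[] decrypt(byte[] key, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, blob, 0, 12));
        return c.doFinal(blob, 12, blob.length - 12);
    }
    static boolean contains(byte[] hay, String needle) {
        return new String(hay, StandardCharsets.ISO_8859_1).contains(needle);
    }
    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the database: SQLite header magic plus one row value.
        String rowValue = "secret-row-value";
        byte[] db = new byte[4096];
        System.arraycopy("SQLite format 3\0".getBytes(StandardCharsets.ISO_8859_1), 0, db, 0, 16);
        System.arraycopy(rowValue.getBytes(StandardCharsets.ISO_8859_1), 0, db, 1000, rowValue.length());
        byte[] swapped = db.clone();
        swapFirst200(swapped);
        System.out.println("after swap, row value readable: " + contains(swapped, rowValue));
        byte[] key = new byte[32]; // constructed random key; key storage is the unsolved part
        new SecureRandom().nextBytes(key);
        byte[] blob = encrypt(key, db);
        System.out.println("after AES-GCM, row value readable: " + contains(blob, rowValue));
        System.out.println("decrypt restores file: " + Arrays.equals(db, decrypt(key, blob)));
    }
}
```

The swap changes only the first 200 bytes, so the row value at offset 1000 stays readable in the packaged file, while the GCM output reveals nothing about the rows without the key.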