3

My App has an already existing Database. With "already existing" I mean that I don't create a Database in my App, I just connect to it and read the data. To setup the connection I use SQLDroid.

Now I want to know is there any possibility to encrypt my Database with SQLDroid? Otherwise my Database is unencrypted and anyone could read the data.

I already tried to work with SQLCipher, but there is the problem that I have to create my Database in my App what I'm not doing...

I know that there are possibilities to work with an online App (-> database is on a server), but this is no solution in my case, because I have to make an Offline-App.

I'm glad about every idea. Thank you.

owe
  • 4,890
  • 7
  • 36
  • 47
  • 2
    I'm not following -- if you're connecting to an already existing non-encrypted database, how do you expect it would ever be encrypted if you yourself are not doing the encryption? – NuSkooler Dec 12 '12 at 17:06

1 Answers1

0

Otherwise my Database is unencrypted and anyone could read the data.

You cannot hide data from the user of the device. Even if you encrypt the data, you would have to have the decryption key in your app, which can be found without much effort.

Using encrypted databases (e.g., SQLCipher for Android) to allow the user to defend the user's data against other people is perfectly reasonable.

That being said, SQLDroid would need to be ported to use SQLCipher or some other encrypted SQLite engine. I see no evidence that this work has been done.

CommonsWare
  • 986,068
  • 189
  • 2,389
  • 2,491
  • You could obfuscate the decryption key, so it would take more effort to find it. I believe this is not so much about 100% security; some clients just don't want their data to be too easily available to the competition. – hdort Dec 12 '12 at 21:41
  • @hdort: The competition will have little trouble finding and de-obfuscating the key. Key obfuscation, like the encryption itself, is a minor barrier. They might stop somebody who does not care very much, but "the competition" presumably will have a much greater interest than that. – CommonsWare Dec 12 '12 at 21:43
  • My opinion: To store a key in a app would have the same security as to allow the user to defend the user's data with a password. In both cases a trojan on the phone could get the secret. @CommonsWare: Thank you for your answer :) I think a solution in my case would be to encrypt the entries of my database on my own. – owe Dec 13 '12 at 08:12