0

I am creating an app with a prebundle database, i am using this tutorial to achieve the same,

http://www.reigndesign.com/blog/using-your-own-sqlite-database-in-android-applications/

Now how should i secure this prebundle db using SQLcipher? As in sqlcipher tutorials it assumes that you are creating a new database instead of using an exsisting one.

My aim is to prevent anyone seeing the content of my prebundle db.

This question has some techniques but it is not working for the guy

using sqlcipher to encrypt already existing database and opening it on android

Thanks Pranay

Community
  • 1
  • 1
Pranay Airan
  • 1,855
  • 6
  • 28
  • 52

1 Answers1

1

My aim is to prevent anyone seeing the content of my prebundle db.

Then do not bother. Anyone can grab your encryption key out of your APK and decrypt the database. SQLCipher is to help the user defend the user's data against attackers.

If you do not want the user to have access to the data, do not put the data on their device.

CommonsWare
  • 986,068
  • 189
  • 2,389
  • 2,491
  • thanks I phrased it wrong what i mean is i dont want attackers to see the data and copy it from my asset folder, if data is encrypted it will not be directly visible and will be a overhead for some one to decrypt it. Also i might not store decryption key directly but get it from my server and store it in share preference – Pranay Airan Jan 24 '13 at 06:43
  • @Parry: "if data is encrypted it will not be directly visible and will be a overhead for some one to decrypt it" -- about five minutes of overhead. You may have spent more time typing in this question and comment. "Also i might not store decryption key directly but get it from my server and store it in share preference" -- that would cut the time down to about two minutes. **If you do not want the user to have access to the data, do not put the data on the device**. – CommonsWare Jan 24 '13 at 12:32
  • How would an attacker get access to the encryption key? Are you saying APK can be decompiled ? – AlexVPerl Dec 30 '15 at 08:51
  • @AlexVPerl: "Are you saying APK can be decompiled ? " -- um, yeah. I mean, there's a whole industry for that, with tons of tools and stuff. Any computer program can be decompiled; bytecode languages tend to be easier to decompile into something more readable. – CommonsWare Dec 30 '15 at 12:46