2

I was just looking that even when you apply proguard in your app , still one can use your database (dataset , lets suppose of quiz data) by extracting/break your app , like if you have quiz app , one can easily extract your quiz database (dataset) through your apk , how we can save it , so no one can extract or can get it , one way I found is put our app database online so one can use it through net like from server , if he/she turn off the internet app should stop working. But how can we save our database if we make it to play offline too.

AHF
  • 1,070
  • 2
  • 15
  • 47
  • What about encrypting everything? Isn't this a solution? Whatapp does it this way and many other i think. –  Jul 19 '14 at 21:24
  • You want to say like encrypt our app images , our app dataset , our code logics everything ? – AHF Jul 19 '14 at 21:25

2 Answers2

2

The best option is using SQLCipher: http://sqlcipher.net/sqlcipher-for-android/

I have succesfully used it, and it work great.

I'll copy their example for you, so you can see how simple it is:

package com.demo.sqlcipher;

import java.io.File;
import net.sqlcipher.database.SQLiteDatabase;
import android.app.Activity;
import android.os.Bundle;

public class HelloSQLCipherActivity extends Activity {
    @Override
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.main);
        InitializeSQLCipher();
    }

    private void InitializeSQLCipher() {
        SQLiteDatabase.loadLibs(this);
        File databaseFile = getDatabasePath("demo.db");
        databaseFile.mkdirs();
        databaseFile.delete();
        SQLiteDatabase database = SQLiteDatabase.openOrCreateDatabase(databaseFile, "test123", null);
        database.execSQL("create table t1(a, b)");
        database.execSQL("insert into t1(a, b) values(?, ?)", new Object[]{"one for the money",
                                                                        "two for the show"});
    }
}
Mikel Pascual
  • 2,202
  • 18
  • 27
  • the same question as the answer is very same like @jlengrand – AHF Jul 19 '14 at 21:26
  • nop. @jlengrand mentions encripting with some custom-made encryption the messages you put in the database. I speak of a more than proven library that allows you to create a pasword-protected and strongly encrypted database, and in a realy easy and failsafe way. – Mikel Pascual Jul 19 '14 at 21:39
  • 1
    The first link I link to explains how to use SQLCipher :). I mentioned XOR as a simple example. Thanks for the code sample though. – jlengrand Jul 19 '14 at 21:50
  • @Thank you both of you for your help , it really matters :) – AHF Jul 19 '14 at 21:56
  • Oh, I expected to see it specifycally mentioned, but I can now see that they mention it in your third link. Anyway, I'll recommend again sqlcipher (no mather where it came from the reference), strong and simple solution. – Mikel Pascual Jul 19 '14 at 21:58
  • @MikelPascual I have one point please , that how we got to know that the user is using our application or trying to decompile the application ? may be user is using the application and app is showing encrypted material to user and app become useless for him , have you got my point ? i think the application only be encrypted when user trying to decompile ? but how we can put the condition of decompiling on application ? – Rocket Aug 21 '14 at 21:01
1

You want to look at database encryption.

A simple way to do it is to create a method that "encrypts" your message before saving them to the database. The method should easily be reversible.

A simple example is to XOR the bits to save. The very nice thing about XOR is that by reapplying the same method on the data would decrypt the message. But instead of reinventing the wheel, you can look at this answer for some implementation examples in java.

This Stack Overflow answer seems to have a lot of useful information about it if you want to use a database. If you prefer using a file, like an XML file, have a look at this answer.

Community
  • 1
  • 1
jlengrand
  • 12,152
  • 14
  • 57
  • 87
  • But what if one use `xml` file , that answer is just very limited to the sqllite , one can get anytype of data from application – AHF Jul 19 '14 at 21:22
  • You can also encrypt a file the same way :). In this case, search for file encryption methods :). The XOR method would also work in that case. – jlengrand Jul 19 '14 at 21:26
  • sorry very much beginner in this field , you want to say that `XOR` will mix the answer of different questions like if we have option `A` `B` `C` or `D` – AHF Jul 19 '14 at 21:29
  • I added another answer for file encryption :). XOR is a common and simple method to encrypt messages. I ll add some info in my answer – jlengrand Jul 19 '14 at 21:30
  • sounds good , i hope it help me to save my data from others and will not mix (encrypt) in my app for my user as well :P – AHF Jul 19 '14 at 21:32
  • but the same thing can apply others as well ? like if someone apply encryption on his dataset in `apk file` i just extract the dataset and its encrypted form , cant i decrypt it to get again in usefull form ? – AHF Jul 19 '14 at 21:36
  • I am not sure I understand your question any more :s – jlengrand Jul 19 '14 at 21:39
  • like if i get your message `how are you` like `sfdc` in encryption form (because you wana make that message secure from me) , can't i decrypt your `sfdc` back to `how are you` ? if i decrypt it (as i dont know i can or i cant) then what benefit you got from encryption ? anyways thanks +1 – AHF Jul 19 '14 at 21:42
  • Well, to decrypt the messages you will need to find the key / algorithm you used to encrypt. The whole interest of encryption is to not be decrypted eadily :D, so of course if you can decrypt it there is no benefit any more. – jlengrand Jul 19 '14 at 21:48