Encryption on default Sqlite DB Android

Question

Does Android do an encryption to the sqlite database owned by the application ?

Reading the documentation and various forums I could only gather that the database is protected by the application owning it and it is not visible to the other apps .

Can this mean that it is a very viable security hole ? Why doesn't Android advice developers to encrypt the sqlite databases ?

score 0 · Accepted Answer · edited May 23 '17 at 11:56

0

Android does not encrypt sqlite databases (or any files created by the application, no matter their location). Files (including a database) created in internal storage are protected by uid, which means they cannot be easily read by other apps. However, if the device is rooted, they can be easily copied and/or read.

It's only insecure if you store data that shouldn't be stored there. Your options if you want a higher level of security are (a) to store encrypted data (b) use some other encrypted database service.

edited May 23 '17 at 11:56

Community

1
1

answered Sep 08 '14 at 23:06

Sofi Software LLC

3,879
1
36
34

Does apple encrypt its core data ? – Chris Sep 08 '14 at 23:51
Core Data's default data stores are not encrypted. However, iOS does have an encrypted file system, which is unlocked when the user enters their passcode. – Sofi Software LLC Sep 10 '14 at 00:04

Encryption on default Sqlite DB Android

1 Answers1