2

I have used SqlCipher for protect my application local database. I have stored my db password as constant like below,

private static final String dbPassword = "testing123";

After export my application as signed APK, I have decompile the APK using decompilation tool.

My password is visible in decompilation files.

My question is,

  1. How we can store password phrase in class? which should not be visible even after the decompilation?

  2. Based on above steps, If user able to get my password he can also get all data from local database. There is no security and no benefits by using SqlCipher.

  3. What is the best way to store password inside the APK with hidden. Otherwise there is no use for using SQLCipher.

Kindly share your suggestion and solution.

Thanks.

Prakash M
  • 651
  • 3
  • 13
  • 1
    try to read [this SO Post](http://stackoverflow.com/questions/442862/how-can-i-protect-mysql-username-and-password-from-decompiling) – Randyka Yudhistira Feb 17 '15 at 07:23
  • 1
    **Do not store secret password in the application.** If the application can read the password, I assure you that there will always be someone who can read it too. The use for SQLCipher is when you encrypt database with password that is supplied by the users of your application in runtime. It's as simple as that. – Googie Feb 17 '15 at 12:44

0 Answers0