1

My app uses SQLite DB in Android to keep some logs. I understand this is saved in my app dir on Android as DBName.db. I need a way to truncate/delete/damage/empty the database so it is unrecoverable.

  1. What is the best approach?

  2. Does Android keep some shadow copies on the device?

  3. Does Android keep synced backup in cloud by default (like settings are kept)?

  4. If the app is running, is the whole db cached in RAM? If so, id like to clean that too.

Thanks :)

michnovka
  • 2,880
  • 3
  • 26
  • 58
  • I'm not sure about shadow copies, but sqlite does create a journal version of the database which holds changes. Deleting this will have no effect on your database, but you should keep this in mind during your cleanup. – Kristy Welsh Oct 29 '15 at 14:54
  • Does this save the db structure or data as well? – michnovka Oct 29 '15 at 15:34
  • You could always choose to encrypt the data in the DB and then just destroy the key when you want to delete it - even if the DB file still exists, the data will be unreadable. – adelphus Oct 29 '15 at 17:14
  • Thisis actually what im doing but for paranoid users I need to delete db data as well, as even with no key it might be subject to cryptanalysis and i cant be sure nobody accessed my key due to e.g. bug in Android – michnovka Oct 29 '15 at 17:17

1 Answers1

2

To overwrite all data, enable the secure_delete option, and DELETE FROM all your tables.

Android does not make copies of (database) files unless you explicitly configure it to do so.

There is a RAM cache. The only safe way to clear it is to exit your own process.

Community
  • 1
  • 1
CL.
  • 173,858
  • 17
  • 217
  • 259