1

I have created an informational android app where we manually entered lots of data using our resources.It uses sqlite database.

I know it virtually impossible to protect the database 100% but I want to make it difficult so that every tom,dick or harry does not just runs a reverse engineering software in apk and get the database and create a new app or use it as a part of their app(information is found every where but our data entry effort is all wasted)

So, How can we protect our database?

I saw some SQLCipher and some other libraries. But I found that actually the password are hard-coded in java files which can be easily reversed engineered and will be available. So,I am not understanding how it really protects rather than adding just another easy to crack layer.They will just get password from file and open that database. Plus it is increasing the application size as well. So how does it really protect from real thief?

Am I missing something?

I just want to protect my database(even not bothered much about code for now).

Any help or suggestions? Thank you.

TheGooooogle
  • 263
  • 3
  • 11
  • Use Proguard? Fetch your password from a server? – Skynet Dec 08 '15 at 03:51
  • Does proguard has features to protect database as well? Or you mean use SQLCipher to protect database and use proguard to protect code (so that password is not shown). I want to app accessible and usable with out internet as well so no server fetched passwords. – TheGooooogle Dec 08 '15 at 05:13
  • Proguard only protects code. Its a very very bad idea to write passwords in plain text and include them in code. – Skynet Dec 08 '15 at 05:19
  • [Here](http://stackoverflow.com/questions/10306673/securing-a-password-in-a-properties-file) is some insight into this. – Skynet Dec 08 '15 at 05:20
  • @Skynet Thanks.Yes exactly my point. Proguard protects code only. The question in the link concludes with a edit "it looks impossible to protect". Jasypt answered there seems to be option but seems like i will need lots of modification in my codes. Plus aren't there any decryption software that can decrypt properties inside project or properties file? I doubt it. Thanks. – TheGooooogle Dec 08 '15 at 05:38

1 Answers1

0

SqlCipher, this will might work in your case and best security provide

Dixit Patel
  • 205
  • 2
  • 16