-1

I have an apk file which contains zipped database (in asset folder). I want to unzip this database during first app run. For that case I am going to use zip4j like so:

public void unzipping() {
    String source = "";//here source of zipped database 
    String destination = "";//here where database should be after installation
    String password = "mypassword";

    try {
        ZipFile zipFile = new ZipFile(source);
        if (zipFile.isEncrypted()) {
            zipFile.setPassword(password);
        }
        zipFile.extractAll(destination);
    } catch (ZipException e) {
        e.printStackTrace();
    }
}

The problem is that I don't know what correct path to specify in "source" and "destination".

gigs
  • 1,241
  • 2
  • 15
  • 25
  • 1
    You can't do anything during installation, there's no hook for code to be run at install time. You can at best do it the first time an app is run. – Gabe Sechan Sep 22 '16 at 17:55
  • yes, I mean during first time an app is run. Sorry, i edited my question. – gigs Sep 22 '16 at 17:56
  • Gabe Sechan, as I correctly understand after installation this zip archive will store somewhere on device. How to find the path to this archive ? – gigs Sep 22 '16 at 18:00
  • 1
    It doesn't get put in the file system. It remains as part of your apk file, in the assets system. To access it, you need to use the AssetManager api. IN addition, there's really no reason to zip files- the apk file is a zip file. You won't gain anything by recompressing it. – Gabe Sechan Sep 22 '16 at 18:02
  • Gabe Sechan, the reason why I am doing it is to protect my database file against reverse engineering. If someone revers my apk file the database will be in zipped archive protected by password. – gigs Sep 22 '16 at 18:10
  • THat isn't going to work. If your archive is being decrypted on the client, then your password is on the client- probably in your app. You're not going to prevent any but the simplest of hackers that way, you'll barely provide a speed bump. Besides, doesn't your question say you're going to unzip it, presumably to disk? – Gabe Sechan Sep 22 '16 at 18:11
  • @gigs, as soon as your database is unzipped I can grab it. Also the password is probably in your code so I could grab that. you are not doing anything useful by zipping with a password. Highly suggest you simplify your code. – DataDino Sep 22 '16 at 18:13
  • @DataDino I could use SQLCipher but Google may not accept my app when I will publish it on play market. – gigs Sep 22 '16 at 18:16
  • @gigs THe only thing Google checks for is viruses. This isn't apple, publishing just means you pass a virus scan. – Gabe Sechan Sep 22 '16 at 18:17
  • 1
    Lots of apps use that or other forms of encryption. You should be fine. :) – DataDino Sep 22 '16 at 18:25

1 Answers1

1

There is nothing wrong with using encryption to protect user data. But understand, that the attacker can always decompile/memory dump your app and grab the password you are using to read/write to the database.

I'd a SQLCipher , which makes it transparent to the other parts of the app.

Community
  • 1
  • 1
DataDino
  • 1,507
  • 1
  • 15
  • 30