I'm creating a dictionary app. I want to encrypt sqlite database (which has meaning for words) in my PC before creating the app. Then generate the apk file with that encrypted database, so that when somebody unzip the apk file, they only see encrypted database. Each and every time the user searches for a word, then the encrypted "meaning" of the word should be decrypted by the android app. I've gone through multiple threads, they talked about encrypting and decrypting the database in the phone. Please suggest me some safe methods to safeguard my hardwork.
Asked
Active
Viewed 274 times
-1
-
what kind of data you want to encrypt ! – Al-Mothafar Feb 05 '17 at 13:43
-
Possible duplicate of [sqlite encryption for android](http://stackoverflow.com/questions/6043984/sqlite-encryption-for-android) – Al-Mothafar Feb 05 '17 at 18:48
-
You can see: http://stackoverflow.com/questions/2203987/android-database-encryption and http://stackoverflow.com/questions/6043984/sqlite-encryption-for-android – Al-Mothafar Feb 05 '17 at 18:48
2 Answers
1
There is no problem. Just encrypt before compiling the app, add the key to the app and decrypt in the app when needed.
Of course a competent attacker will be able to get the key.
Protecting assets from the device owner is very hard and generally requires DRM which is difficult and still not completely secure.
zaph
- 111,848
- 21
- 189
- 228
0
Actually, there should no need to encrypt any data on the mobile side because this sounds incorrect at the first place when you publish things should be secured around the world, you don't know how much the user device itself secure, and the user could be professional enough to crack your app and its security.
If you want something secured, secure it in your backend, and talk with your backend with api secured with https with headers have Auth token auto-generated for each user.
I want to encrypt the database before creating apk and decrypt it when a user searches for a word.
If you mean decrypt inside your mobile and search inside your sqllite itself, why you encrypt it, if the code inside mobile will encrypt and decrypt, attacker even junior level one, will be able to hack your data!!
Al-Mothafar
- 7,949
- 7
- 68
- 102
-
I want to encrypt the sqlite database "in my PC" before creating the app. Then build the app with that encrypted database. Finally, app will decrypt a particular field from the database, when the user searches for a word. – Balaji A Feb 05 '17 at 13:52
-
@BalajiA I understand, but again, if you put the code to decrypt the data inside your application, the attacker can easily decompile the code and see what you are doing to decrypt and get the whole data, I still can't understand why you want to encrypt in the first place! wonder what kind of data you want to store encrypted! – Al-Mothafar Feb 05 '17 at 14:18
-
The app has a database of words and meanings. The app is an offline dictionary. I understood your point. Still, I want to encrypt the database to make "stealing the database" a bit difficult. – Balaji A Feb 05 '17 at 16:34
-
so you want to make your application consume high CPU and RAM + drain battery faster just to make it a "bit" difficult for 0.001% chance to be stolen? and who want to "steal" your database, will get it either was difficult or not! – Al-Mothafar Feb 05 '17 at 18:46