Preventing user from manipulating the time that will be stored in the local database of Android?

Question

I'm trying to make an employee attendance app where the users (employees) could punch in when they come to the office. The details they punch-in will be sent to the server. The major focus in on the time.

I am trying to implement offline functionality as well. (If the app doesn't detect internet connectivity, the punched-in record will be stored on the local db (SQLite) , and once it does, push the record from the db (and clear it) onto the server.

I tried capturing the time using the GregorianCalendar class but the time values seem to be vulnerable to user manipulation. (Especially Scenario A)

Scenario A

A user could turn internet connectivity off, turn Automatic Data & Time off, manually set the time and then open the app to punch in.

Example: Mr. X comes to office at 8.45AM, turns airplane mode on, manually sets the device time (say 8.30AM) and then punches-in the record. The time value that he sets gets entered in the db instead of the actual time he came in.

How do I prevent this from happening?

Scenario B

A user could just edit the local db values manually (rooted phones). [I know this is inevitable but any suggestions to make his harder?]

Answer 1

Scenario A: Solution 1: only accept values when there is an internet connection:

private boolean haveInternet()
{
     ConnectivityManager connectivityManager = (ConnectivityManager) getSystemService(Context.CONNECTIVITY_SERVICE);
     NetworkInfo activeNetworkInfo = connectivityManager.getActiveNetworkInfo();
    return activeNetworkInfo != null && activeNetworkInfo.isConnected();
}

Solution 2: ping your server for the timeDate.

Solution 3: register a broadcast receiver for the timechange event and disable the app until you can ping your server (taken from here: https://stackoverflow.com/a/20766107/2540578)

Scenario B: encrypt the data. There are multiple solutions to do this, but it depends on what you are using (sqlite, realm, greendao etc)