-1

I've been searching a way to implement SQLCipher on my prepopulated database containing more than a million entries. Last three months is the time I've fully devoted to my project's database and it's now complete which led me to a problem.

My app's database is something that I know will be copied in a week or so and copying database is so easy (just open the apk with WinRAR). And in India, No one cares about copyrights so that'll be of no use.

Basically I want to protect my app's database from copying keeping in mind that app should work offline (that being said no PHP/SQL servers).

I've checked GitHub/Google for it and only thing I've found is SQLCipher by Zetetic. Very same thing on GitHub - Here.

Also, One can import following library now: net.zetetic:android-database-sqlcipher:3.5.2@aar and can use this for securing database but it's something works on databases created by app and not on prepopulated. (lib taken from this answer on SO).

-> Now, for me the million dollar question is Is there anyway by which I can either password protect or encrypt my database without putting the database on any server?

P.S. -> I want to make my app work offline and also, I'm just a student and at least for now, can't afford Zetetic's paid service.

Edit - I've gone through codes of some google apps storing databases for some help but they are just using .out files (easily openable with Word/Text editor) compressed in .gz files which is not something I should use.

Phantômaxx
  • 37,901
  • 21
  • 84
  • 115
Hardik sharma
  • 313
  • 2
  • 15

1 Answers1

3

implement SQLCipher on my prepopulated database

This is pointless. Anyone who wants to can grab the encrypted database, grab the encryption key out of your app, and decrypt the database.

I want to protect my app's database from copying

Don't put it on the device.

keeping in mind that app should work offline

Depending on the nature of your app, you might be able to cache bits of data for offline use, for reduced functionality while offline.

A simpler solution is to not worry about the fact that the database may be copied. To paraphrase Tim O'Reilly, your problem is not security but obscurity.

CommonsWare
  • 986,068
  • 189
  • 2,389
  • 2,491
  • I just read a line "If you put the data on the user's device, it is now the user's data, not yours.". Maybe this question is something which actually needs some new programming inventions. And I really don't want to put it on server and then mess with all the Database class and it's methods/cursors etc. – Hardik sharma Oct 30 '17 at 16:08
  • leave other comments and what if I do [this](https://stackoverflow.com/a/10399513/8439566) and store the key in Strings with proguard on? – Hardik sharma Oct 30 '17 at 16:23
  • @Hardiksharma: Since ProGuard has nothing to do with resources, that will not help you much. – CommonsWare Oct 30 '17 at 16:32
  • And What about retrieving pass through firebase, minimal internet help. As firebase is already linked for various other functions (pretty large app). – Hardik sharma Oct 30 '17 at 16:40
  • @Hardiksharma: Then your app will not work offline, which was the point of this exercise. If you store the password on the device (e.g., retrieve it from Firebase on first connected use), then anyone who roots their device can get the password. – CommonsWare Oct 30 '17 at 16:44
  • First my app has various functionalities and this is one which is intended to work offline and rooting is the case I should not consider as not everything is possible. – Hardik sharma Oct 30 '17 at 16:48
  • Thanks, not this but your other answer gave me the path to choose. – Hardik sharma Oct 30 '17 at 16:49