0

I am working on an Android project in which I would like to prevent users from getting to the content of my app database.

There are 3 ways I think, but I don't know which one is the best and don't have any idea about how they should work.

My problem is I don't know which way is the best and how it works.

  1. Encrypt all text and data in the DB and decrypt it when I want to use it.
  2. Encrypt the whole database and decrypt it when the app needs it.
  3. Use 3rd-party libraries like SQLCipher.

2 Answers

2

> I am working on an Android project in which I would like to prevent users from getting to the content of my app database

If it is on the user's device, it is the user's database, not yours. It would only be your database if it is on your hardware.

> My problem is I don't know which way is the best and how it works.

All are ineffective for trying to prevent the user from accessing the user's data.

Your database should be on internal storage, the default location for SQLite databases. Most users cannot access internal storage to get at the database. The only ones who can are the ones that root their devices. Anyone with the skills and interest to both root their device and try to get at the database in your app will have the skills and interest to either:

  1. Reverse-engineer your app to find your encryption algorithm and key, or

  2. Upload the database somewhere and convince somebody else to reverse-engineer your app to find your encryption algorithm and key

If you do not want the user to have access to the database, do not put it on their device. Access it via Web services from a server of yours.

Tools like SQLCipher for Android are for defending the user's data against attacks. They are not effective as a DRM solution.


2 Comments

Maybe you're right, but I cannot put the database on the web because of my application structure. I need to make it harder to reach the preloaded DB (not the user DB!), although I know that some professionals may reach my DB with some tools or reverse engineering. But that doesn't matter. I just want to make it harder to reach my data. So what is the easiest and best way?
@Kenji: Don't do anything. Just keep the database on internal storage, in its default location, like a regular database.
1

If you're going to encrypt the data at all, for goodness' sake, use a tested existing library instead of doing it badly yourself! For example, the author of SQLite itself sells an encryption extension (it's used in things like medical information systems), and there are a few other possible solutions too. (I googled for sqlite encryption and I'm sure you can too!)

However, be aware that holding both the encrypted data and the key to decrypt the data on the same non-trusted device is always likely to be troublesome; it's the DRM problem (i.e., you've put everything the user really needs to break things on the user's kit, and the user is relatively hostile). You should think about your application architecture; Android devices tend to be fairly well connected, so you can see if keeping the DB on a server somewhere that you control and only feeding little bits to the app (which it might cache, or not) is suitable instead.

2 Comments

I'm working on a multimedia app that should be independent of the Internet, because my app should work even without a network and it should be responsive. I just want to find some way to harden access to my preloaded data. I know that every way without the Internet may be hackable. So help me in this way.
@Kenji As I said, SEE (linked in answer, commercial, known to be good) is used already (though perhaps not in as hostile an environment) and I found some possible alternatives (whose quality I don't know) by just freaking Googling for the most obvious keywords I could think of. Come on! You can't get a much simpler search than that!
