0

I've been searching a way to implement SQLCipher on my prepopulated database containing more than a million entries. Last three months is the time I've fully devoted to my project's database and it's now complete which led me to a problem.

My app's database is something that I know will be copied in a week or so and copying database is so easy (just open the apk with WinRAR). And in India, No one cares about copyrights so that'll be of no use.

Basically I want to protect my app's database from copying keeping in mind that app should work offline (that being said no PHP/SQL servers).

I've checked GitHub/Google for it and only thing I've found is SQLCipher by Zetetic. Very same thing on GitHub - Here.

Also, One can import following library now: net.zetetic:android-database-sqlcipher:3.5.2@aar and can use this for securing database but it's something works on databases created by app and not on prepopulated. (lib taken from this answer on SO).

-> Now, for me the million dollar question is Is there anyway by which I can either password protect or encrypt my database without putting the database on any server?

P.S. -> I want to make my app work offline and also, I'm just a student and at least for now, can't afford Zetetic's paid service.

Edit - I've gone through codes of some google apps storing databases for some help but they are just using .out files (easily openable with Word/Text editor) compressed in .gz files which is not something I should use.

Improve this question
6

1 Answer 1

Reset to default
3

implement SQLCipher on my prepopulated database

This is pointless. Anyone who wants to can grab the encrypted database, grab the encryption key out of your app, and decrypt the database.

I want to protect my app's database from copying

Don't put it on the device.

keeping in mind that app should work offline

Depending on the nature of your app, you might be able to cache bits of data for offline use, for reduced functionality while offline.

A simpler solution is to not worry about the fact that the database may be copied. To paraphrase Tim O'Reilly, your problem is not security but obscurity.

Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

I just read a line "If you put the data on the user's device, it is now the user's data, not yours.". Maybe this question is something which actually needs some new programming inventions. And I really don't want to put it on server and then mess with all the Database class and it's methods/cursors etc.
leave other comments and what if I do this and store the key in Strings with proguard on?
@Hardiksharma: Since ProGuard has nothing to do with resources, that will not help you much.
And What about retrieving pass through firebase, minimal internet help. As firebase is already linked for various other functions (pretty large app).
@Hardiksharma: Then your app will not work offline, which was the point of this exercise. If you store the password on the device (e.g., retrieve it from Firebase on first connected use), then anyone who roots their device can get the password.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.