|SQLite Database (secure?)||svebee||9/26/10 4:10 PM|
I just have one simple question, is it possible to extract (and read
records) SQLite Database out of Android application/.apk file/...)?
Because I have some important information in it, so I wanna be sure
it's pretty secure (only application has access to it)?
|Re: [android-developers] SQLite Database (secure?)||Mark Murphy||9/26/10 4:16 PM|
Users with rooted phones can get access to any files they want.
Android App Developer Books: http://commonsware.com/books
|Re: SQLite Database (secure?)||William Ferguson||9/26/10 5:39 PM|
You could always encrypt the data in the database. See
It would be nice to be able to encrypt the enture DB, but that doesn't
appear to be possible.
On Sep 27, 9:16 am, Mark Murphy <mmur...@commonsware.com> wrote:
> On Sun, Sep 26, 2010 at 7:10 PM, svebee <sven.kapud...@gmail.com> wrote:> Mark Murphy (a Commons Guy)http://commonsware.com|http://github.com/commonsguyhttp://commonsware.com/blog|http://twitter.com/commonsguy
|Re: SQLite Database (secure?)||DanH||9/26/10 5:52 PM|
There is an open source SQLite-crypto package which I've used on
Symbian and seen used on iPhone. But you basically have to load an
entirely new version of SQLite onto the phone, and I suspect that on
Android there's no way to switch it in in place of the existing
version, so it wouldn't interface like the built-in SQL support.
Also, of course, you'd be talking C/C++ native method coding in
You can do your own encryption for individual columns, but you then
can't practically index/search on those columns.
On Sep 26, 7:39 pm, William Ferguson <william.ferguson...@gmail.com>
> You could always encrypt the data in the database. Seehttp://stackoverflow.com/questions/2203987/android-database-encryption
|Re: SQLite Database (secure?)||svebee||9/27/10 1:14 AM|
Hmm..tnx guys. I found this as William Ferguson suggested it.
This seems to be secure, but, can someone get this code and read seed
value and therefore get access to whole database?
|Re: [android-developers] Re: SQLite Database (secure?)||Mark Murphy||9/27/10 4:05 AM|
On Mon, Sep 27, 2010 at 4:14 AM, svebee <sven.k...@gmail.com> wrote:
If you are trying to defend a database's owner (i.e., the device's
If you are trying to defend a database *against the device owner*,
Mark Murphy (a Commons Guy)
Android Training in London: http://skillsmatter.com/go/os-mobile-server
|Re: SQLite Database (secure?)||DanH||9/27/10 9:10 AM|
As Mark says, if you're wanting to protect the data from access by
other than the owner, have the owner supply a password that is used to
generate the key (basically the "seed" to getRawKey). If you want to
prevent access by the owner, or want to protect the data without
requiring a password, you need to use "security by obscurity". You
might, eg, use the IMEI manipulated in some fashion through some
obfuscated methods. (It's useful here to have the methods have
meaningful yet misdirecting names -- instead of 'computeKey" use
"getTimeAndDate", eg. And pass the partially constructed data between
several such methods, store it in globals somewhere vs passing as a
parameter in a couple of calls, etc. And interleave steps in the key
generation process with other unrelated processing steps.)
Of course, "security by obscurity" isn't really "secure" in any
absolute sense, but with enough obfuscation you can make it
impractical for all but the most determined bad actor to access the
|Re: [android-developers] Re: SQLite Database (secure?)||amir elmankabady||9/27/10 1:31 AM|
hi all ;
i am a new android developer, can any one help me to learn more about sqllite and android application by pdf, websites, ...etc.
and if their is any tool like sqlserver to help me to create tables ... etc
thanks for ur help and best regards
|Re: SQLite Database (secure?)||DanH||9/27/10 7:15 PM|
Best thing to do to learn SQLite is to go to http://www.sqlite.org/
and just start reading. You can download a PC/Mac/Linux version of
the executables and play around with SQLite on a desktop/laptop where
experimenting is a lot easier.
And if you want a GUI instead of the command-line SQLite interface
there are several free tools available. I use "SQLite Expert", which
I've found to be pretty good and easy to use.
Once you begin developing on Android, it's still good to know these
interfaces. You can run the command line SQLite interface on the
phone, if you wish, and you can download a DB from the phone to study
it with one of the GUI tools.
On Sep 27, 3:31 am, amir elmankabady <elmankabady.a...@gmail.com>