storing confidential information in database on iPhone/Android

Question

I need to store couple of thousand text/number combinations in a database on iPhone and on Android. While creating a database on either device is no issue - I would like to know how "confidential" can one actually make the data in such databases?

What I would like to avoid is that anyone "cracks" the complete database with all the entries.

While I don't care if one can get to some entries by any means.

It just should be as difficult as possible to extract all the data from the database.

Answer 1

user387184,

For the most crucial data on iOS I'd personally recommend using Keychain APIs (which can be found in the Security framework. Keychain is an encrypted storage which can be used for storing accounts, passwords, sensitive data.

However if you wish to encrypt the whole database you should take a look at the Apple's Data Protection API which allow you to easily encrypt whole database using NSFileProtectionComplete flag.

As for the Android I am not sure if there's a publicly available API for such operations. You could take a look at Android Encryption, however it is available for Android devices with Android 3.0 and higher.

An alternative approach for Android could be using a storage encrypted using simple PIN code and prompting user to input the key on each subsequent launch of the app (however from user experience point of view that wouldn't be a good solution).