kramer65

Reputation: 54023

How to secure the synced data in my Android app?

I'm building an Android app which contains an SQLite db with very sensitive data. Since anyone with physical access to the device could copy the database I thought of a couple solutions to safeguard the data in the database. We can of course encrypt it before entering it into the DB, but since this would inhibit the possibility to actually query the database, it would effectively make the DB useless. Plus: if we store the key within the app, it would make it very easy to retrieve the key as well, and with that the encryption would be pointless.

So we sync all the data with the server upon login, and after that there are a couple options:

  1. Deleting the whole database in the onStop() method. I think that would be pretty safe, except for when the app crashes I suppose it doesn't call the onStop() method. Since you could manually destroy the process I suppose that a person with physical access to the device, would still be able to access the database. Right?
  2. Use an in-memory SQLite database. According to this SO answer though "Every new connection to an in-memory database creates a new, empty database.". This means that you cannot share it amongst Activities.
  3. Store the synced data in a couple Java Lists/Arrays and getting all the information from them. The problem is that these lists only exist in one Activity. To solve this I thought of creating the full app within one fragment. I haven't started trying this yet, but it doesn't seem like the normal way to do this either.

Does anybody know if any of these ideas make sense, and more importantly, if there isn't a better/more convenient way of saving data securely across the app's activities? All tips are welcome!

Upvotes: 1

Views: 173

Answers (1)

CommonsWare

Reputation: 1007659

> This means that you cannot share it amongst Activities.

Sure you can. Use a singleton SQLiteDatabase. You should be doing this anyway, to enable thread-safe access across multiple threads.

> Store the synced data in a couple Java Lists/Arrays and getting all the information from them. The problem is that these lists only exist in one Activity.

Once again, you can use a singleton or static data member, if you are careful about memory leaks.

However, if using "a couple Java Lists/Arrays" is an option, I have no idea why you are messing around with SQLite. SQLite is designed to store relational data in files, and it sounds like you do not want any files.

Upvotes: 1
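The singleton approach from the answer above, sketched as an added example (not code from the question or the answer): one process-wide `SQLiteOpenHelper` with a `null` database name, which Android documents as creating an in-memory database. The class name `VolatileStore`, the `record` table and the method names are assumptions made for illustration.

```java
import android.content.ContentValues;
import android.content.Context;
import android.database.Cursor;
import android.database.sqlite.SQLiteDatabase;
import android.database.sqlite.SQLiteOpenHelper;

/** Hypothetical helper: a single in-memory database shared by every Activity. */
public final class VolatileStore extends SQLiteOpenHelper {
    private static VolatileStore instance;

    private VolatileStore(Context appContext) {
        // A null name means "in-memory database": no file is created on disk.
        super(appContext, null, null, 1);
    }

    /** All callers get the same helper, and therefore the same connection. */
    public static synchronized VolatileStore get(Context context) {
        if (instance == null) {
            // Application context, so the static field never pins an Activity.
            instance = new VolatileStore(context.getApplicationContext());
        }
        return instance;
    }

    @Override public void onCreate(SQLiteDatabase db) {
        db.execSQL("CREATE TABLE record (id INTEGER PRIMARY KEY, payload TEXT NOT NULL)");
    }

    @Override public void onUpgrade(SQLiteDatabase db, int oldV, int newV) { /* nothing persisted */ }

    /** Store one synced row (assumed to be called after the server sync). */
    public void put(long id, String payload) {
        ContentValues values = new ContentValues();
        values.put("id", id);
        values.put("payload", payload);
        getWritableDatabase().insertWithOnConflict("record", null, values, SQLiteDatabase.CONFLICT_REPLACE);
    }

    public String payloadFor(long id) {
        Cursor c = getReadableDatabase().rawQuery(
                "SELECT payload FROM record WHERE id = ?", new String[] {Long.toString(id)});
        try {
            return c.moveToFirst() ? c.getString(0) : null;
        } finally { c.close(); }
    }

    /** Closing the only connection discards the in-memory database (e.g. on logout). */
    public static synchronized void wipe() {
        if (instance != null) { instance.close(); instance = null; }
    }
}
```

Any Activity reads through `VolatileStore.get(this).payloadFor(id)`. Because the data lives only in the process, the app has to sync again after a crash or after Android kills the process.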
