How can I protect sqlite db in android from being stolen

Question

I am making a app with 28MB size of sq-lite file which is initially in assets folder of android. When it installs in user it copy's to system folder. As this db is most important for me. If anyone can get this file then he can steal my information.

As you unzip the APK file you will easily get the sq-lite file. Is there any way to protect it or hide it or encrypt it so a programmer or hacker can't get the db easily by extracting APK file.

Answer 1

You cannot complete protect your SQLite db, for me, I prefer:

1- corrupt the db file (convert it to byte array and change some values)

2- copy it in asset folder

3- in first run fix corrupted file from asset and copy it in database folder.

I change first 200 byte values like this:

        int index = 0;
        for(int i=0;i<100;i++)
        {
            byte tmp = b[index];
            b[index] = b[index + 1];
            b[index + 1] = tmp;
            index += 2;
        }

As I just replace values of first 200 byte, the same code is used for fixing first 200 byte values.

Answer 2

Maybe SQLCypher is your friend. see here. It provides 256 bit AES encryption

Answer 3

You cannot complete protect your SQLlite DB as someone can reverse engineer your code and read the content of your protection mechanism.

You can take an alternate paths:

1) Make the DB online, i.e. don't put it with your app, have your product contact your DB and query it

2) Encrypt the data in the SQL Lite, and decrypt it on the fly inside your code - this will make it harder to just steal your SQL Lite, it is not prefect, but it is better than nothing

Answer 4

I would encrypt the data in the SQLite, it's impossible to make it absolutely unbreakable but you can make it a pain to try and crack it. Look up AES encrypt/decrypt for proper encryption, you would need to encrypt and decrypt it every time it's used though.

I'm also not a 100% on this but if you use your raw folder for the db it should be harder to get at.