Lau

Reputation: 1834

Android Realm database Security

Simple question. Is Realm database safe? Is there any way to receive data outside of the application? If not:

I have very sensitive data that I have to remember. How do I keep it secure?

Upvotes: 9

Views: 6405

Answers (1)

Er. Kaushik Kajavadara

Reputation: 1667

The Realm file can be stored encrypted on disk by passing a 512-bit encryption key (64 bytes) to RealmConfiguration.Builder.encryptionKey():

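import io.realm.Realm;
import io.realm.RealmConfiguration;
import java.security.SecureRandom;

// Generate a random 64-byte (512-bit) key; `context` is the Android Context.
byte[] key = new byte[64];
new SecureRandom().nextBytes(key);
RealmConfiguration config = new RealmConfiguration.Builder(context)
  .encryptionKey(key)
  .build();

// Open the encrypted Realm with this configuration.
Realm realm = Realm.getInstance(config);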

This ensures that all data persisted to disk is transparently encrypted and decrypted with standard AES-256 encryption. The same encryption key must be supplied each time a Realm instance for the file is created.

See the link below for a complete example of how to securely store keys between runs in the Android KeyStore so that other applications cannot read them:

https://github.com/realm/realm-java/tree/master/examples/encryptionExample

Upvotes: 15
