Sgotenks

Reputation: 1733

Android: security issue about SQLite db

Hello, I have an Android application. In my app I have a SQLite database stored on the device that should be synchronized with a MySQL database stored on the server.

Now I have to retrieve a list of IDs. I can do it by querying the SQLite database or the MySQL database. I chose to use the SQLite database because it'd be much faster and easier considering what I have to do. But now I was thinking about it and I have a question: are the Android SQLite database files safe? I mean, is there a possibility that someone accesses these files and modifies information inside them, or are they hidden from users?

Because if I ask for information from the server I'm sure that it is safe, whereas I don't know the security level of Android databases.

Let's suppose that each ID corresponds to an application ID I paid for (for example applications 3 and 5). If I find a way to modify the Android database and so add applications 7 and 8 as well, it would seem to the device that I've also paid for these applications, when in fact I didn't and can't use them. That's why I was thinking of querying the MySQL database, because the user can't modify it, but that way it's going to be slower. What do you think?

Upvotes: 0

Views: 1490

Answers (3)

Riz

Reputation: 121

Please check these options too; they might help anyone who wants to secure the database.

SQLCipher for Android

1- android Sql3 wrapper library

2- libsqlite3_jni.so

Also please read the article below and do your own search on the options above; I hope this helps.

http://www.findbestopensource.com/product/sqlite3-android

Note:

You can secure your device fully as if the device will be rooted by anyone. So use some other secure way, like securing the database with 2-factor authentication and password protection.

In case someone roots your device, at least you should have some password-protected file.

Upvotes: 0

Justin Breitfeller

Reputation: 13801

With a rooted device, a user could easily add / remove / modify existing records in the database.

One thing you could do is compute an MD5 hash of the rows in your DB and compare it against a hash you have stored on your MySQL server for that particular user before accepting the "paid" values of your local cache database. This approach may or may not be acceptable to you because obviously it requires an internet connection.

Upvotes: 0
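As an added example (not code from this answer or from the asker's app), here is one way to implement the comparison described above, using Python's standard sqlite3 module with an in-memory database standing in for the on-device file. SHA-256 is used in place of MD5, the `purchases` table and the server-side digest are constructed stand-ins, and the canonical ordering by `app_id` is an assumption that both sides must share.

```python
import hashlib
import hmac
import sqlite3


def make_local_cache(app_ids):
    """Constructed stand-in for the on-device SQLite cache: a table of
    application IDs the user has paid for, as described in the question."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE purchases (app_id INTEGER PRIMARY KEY)")
    conn.executemany("INSERT INTO purchases VALUES (?)", [(i,) for i in app_ids])
    conn.commit()
    return conn


def canonical_digest(app_ids):
    """Digest of a purchase list in a fixed order, so the device and the
    server compute the same value for the same set of IDs. SHA-256 is
    used here; the answer above suggests MD5."""
    canonical = ",".join(str(i) for i in sorted(set(app_ids))).encode()
    return hashlib.sha256(canonical).hexdigest()


def local_digest(conn):
    """Digest of whatever is currently in the local (untrusted) cache."""
    rows = conn.execute("SELECT app_id FROM purchases ORDER BY app_id").fetchall()
    return canonical_digest(r[0] for r in rows)


def trusted_purchases(conn, expected_digest):
    """Return the cached purchase list only if it matches the digest the
    server stored for this user; otherwise return None so the caller
    falls back to asking the server instead of trusting the cache."""
    if not hmac.compare_digest(local_digest(conn), expected_digest):
        return None
    rows = conn.execute("SELECT app_id FROM purchases ORDER BY app_id").fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    # Constructed value the server would hold for this user (apps 3 and 5 paid).
    expected = canonical_digest([3, 5])
    cache = make_local_cache([3, 5])
    print(trusted_purchases(cache, expected))   # [3, 5]
    # A row added directly to the file on a rooted device changes the digest.
    cache.execute("INSERT INTO purchases VALUES (7)")
    print(trusted_purchases(cache, expected))   # None
```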

Pedantic

Reputation: 5022

Ideally data stored in your app's private /data directory would be private, but if someone roots their phone they have unfettered access to it. It's best to design based on the assumption that your on-phone database is unsafe without encryption, and even then it's still possible that users can try to break in.

Upvotes: 2
