Geek Answers Handbook

Android How to protect your database?

Do you know any ways to protect the database on Android?

I would like to implement the following, but I don't know if this is possible:

  • Restrict access to the database only to the owner of the application (who created and maintains it).
  • Limit or deny access to the database from all other applications during a session using the database owner application.
  • Are there ways to password protect your database?

Tests with sqlite3 showed that you can modify the database while another application is using it. Therefore, I suppose that perhaps some external application may corrupt your data or use it, which is bad.

In addition, how do you propose to handle the database exception that may occur with such simultaneous use of the database:

  • show user message and close
  • show user message and continue work
  • just close?

After all this, how do you suggest launching the application next time?

thanks

+4
source share
2 answers

Android system automatically implements and applies parameter (1) from your list. Each application in the phone / system has its own user ID, and no application can access the database files of any other application.

If you want to share your data (using access controls), you can create a content provider that can then be used by other applications: http://developer.android.com/intl/de/reference/android/content/ContentProvider.html

There are a few exceptions to the above rules:

  • In the SDK emulator, the adb shell provides full access to the emulated file system of the phone. This does not apply to mobile phones.
  • On a phone that was β€œroot,” any application that receives root privileges can then access the db files of any other application (as well as anything else) - this is the cost / risk of rooting your phone and the responsibility of the device owner.

Basically, you do not need to worry about this. Android usually prevents these problems.

+6
source

In fact, you should be very worried. It is very easy to get your database and even code without rooting your phone. Here is an example of how to do this:

  • Download the ASTRO file manager.
  • Use this option to backup the application to the SD card.
  • Transfer the backup file to your computer.
  • Use the Apk_OneClick tool (search the web) to decompile the application package.

Now you have everything, code, database, images, xml files, that's it!

So, I can tell you that in a few minutes you can have people codes and a database. To protect your application, use ProGuard and use some type of encryption for your database. Personally, I encrypt the data of each field and decrypt it at runtime, with simple encryption such as XOR, in fact it does not greatly reduce performance.

+5
source

More articles:


All Articles