As Mark says, if you're wanting to protect the data from access by other than the owner, have the owner supply a password that is used to generate the key (basically the "seed" to getRawKey). If you want to prevent access by the owner, or want to protect the data without requiring a password, you need to use "security by obscurity". You might, eg, use the IMEI manipulated in some fashion through some obfuscated methods. (It's useful here to have the methods have meaningful yet misdirecting names -- instead of 'computeKey" use "getTimeAndDate", eg. And pass the partially constructed data between several such methods, store it in globals somewhere vs passing as a parameter in a couple of calls, etc. And interleave steps in the key generation process with other unrelated processing steps.)
Of course, "security by obscurity" isn't really "secure" in any absolute sense, but with enough obfuscation you can make it impractical for all but the most determined bad actor to access the data. On Sep 27, 3:14 am, svebee <[email protected]> wrote: > Hmm..tnx guys. I found this as William Ferguson suggested it. > > http://www.androidsnippets.org/snippets/39/ > > This seems to be secure, but, can someone get this code and read seed > value and therefore get access to whole database? > > On Sep 27, 2:52 am, DanH <[email protected]> wrote: > > > There is an open source SQLite-crypto package which I've used on > > Symbian and seen used on iPhone. But you basically have to load an > > entirely new version of SQLite onto the phone, and I suspect that on > > Android there's no way to switch it in in place of the existing > > version, so it wouldn't interface like the built-in SQL support. > > Also, of course, you'd be talking C/C++ native method coding in > > buckets. > > > You can do your own encryption for individual columns, but you then > > can't practically index/search on those columns. > > > On Sep 26, 7:39 pm, William Ferguson <[email protected]> > > wrote: > > > > You could always encrypt the data in the database. > > > Seehttp://stackoverflow.com/questions/2203987/android-database-encryption > > > > It would be nice to be able to encrypt the enture DB, but that doesn't > > > appear to be possible. > > > Seehttp://code.google.com/p/android/issues/detail?id=191 > > > > On Sep 27, 9:16 am, Mark Murphy <[email protected]> wrote: > > > > > On Sun, Sep 26, 2010 at 7:10 PM, svebee <[email protected]> wrote: > > > > > I just have one simple question, is it possible to extract (and read > > > > > records) SQLite Database out of Android application/.apk file/...)? > > > > > > Because I have some important information in it, so I wanna be sure > > > > > it's pretty secure (only application has access to it)? > > > > > Users with rooted phones can get access to any files they want. > > > > Otherwise, databases in the conventional on-board flash location are > > > > secure. > > > > > -- > > > > Mark Murphy (a Commons > > > > Guy)http://commonsware.com|http://github.com/commonsguyhttp://commonsware.com/blog|http://twitter.com/commonsguy > > > > > Android App Developer Books:http://commonsware.com/books -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
