Android: Room: no encryption and security?

南方客 2020-12-06 01:10

For now I'm using OrmLite over SQLite with SQLCipher. Is there really no way to protect a Room database from being read???

3 answers
  • 2020-12-06 01:37

    SQLCipher for Android now directly supports Room. You can find the documentation here.

    Consequently, @CommonsWare will not be actively developing cwac-saferoom any longer and recommends using SQLCipher's support.

    0 Discussion (0)
  • 2020-12-06 01:38

    Room by default stores data in the app's internal storage, which any root user can access.

    If you need some security, you need to use an encryption lib like cwac-saferoom.

    0 Discussion (0)
  • 2020-12-06 01:39

    Android Room DB explicitly doesn't support encryption. A typical SQLite database is unencrypted. You can use SQLCipher for Android with Room or other consumers of the androidx.sqlite API to secure your data stored in the SQLite DB. SQLCipher has a SupportFactory class in the net.sqlcipher.database package that can be used to configure Room to use SQLCipher for Android. See the hexdumps of a standard SQLite db and one implementing SQLCipher.

    ~ sjlombardo$ hexdump -C sqlite.db
    00000000 53 51 4c 69 74 65 20 66 6f 72 6d 61 74 20 33 00 |SQLite format 3.|
    …
    000003c0 65 74 32 74 32 03 43 52 45 41 54 45 20 54 41 42 |et2t2.CREATE TAB|
    000003d0 4c 45 20 74 32 28 61 2c 62 29 24 01 06 17 11 11 |LE t2(a,b)$.....|
    …
    000007e0 20 74 68 65 20 73 68 6f 77 15 01 03 01 2f 01 6f | the show..../.o|
    000007f0 6e 65 20 66 6f 72 20 74 68 65 20 6d 6f 6e 65 79 |ne for the money|
    
    ~ $ sqlite3 sqlcipher.db
    sqlite> PRAGMA KEY='test123';
    sqlite> CREATE TABLE t1(a,b);
    sqlite> INSERT INTO t1(a,b) VALUES ('one for the money', 'two for the show');
    sqlite> .quit
    
    ~ $ hexdump -C sqlcipher.db
    00000000 84 d1 36 18 eb b5 82 90 c4 70 0d ee 43 cb 61 87 |.?6.?..?p.?C?a.|
    00000010 91 42 3c cd 55 24 ab c6 c4 1d c6 67 b4 e3 96 bb |.B?..?|
    00000bf0 8e 99 ee 28 23 43 ab a4 97 cd 63 42 8a 8e 7c c6 |..?(#C??.?cB..|?|
    
    ~ $ sqlite3 sqlcipher.db
    sqlite> SELECT * FROM t1;
    Error: file is encrypted or is not a database
    

    https://github.com/sqlcipher/android-database-sqlcipher

    0 Discussion (0)
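The hexdump comparison in the last answer can be turned into a repeatable check on a database file copied from a test build. This is an added example, not code from the answers or from the SQLCipher project: the function and file names are hypothetical, and the "opaque" sample is random bytes standing in for an encrypted file, not real SQLCipher output. It only shows that nothing is readable without a key; it says nothing about how the key is stored.

```python
import random
import sqlite3
import tempfile
from pathlib import Path

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of a plaintext SQLite file


def inspect_db_file(path):
    """Return what can be read from the file at `path` without any key."""
    data = Path(path).read_bytes()
    report = {
        "plaintext_header": data[:16] == SQLITE_MAGIC,
        "schema_text_visible": b"CREATE TABLE" in data,
        "opens_without_key": False,
    }
    conn = sqlite3.connect(Path(path).resolve().as_uri() + "?mode=ro", uri=True)
    try:
        conn.execute("SELECT count(*) FROM sqlite_master").fetchone()
        report["opens_without_key"] = True
    except sqlite3.DatabaseError:
        pass  # stock SQLite: "file is not a database"
    finally:
        conn.close()
    report["looks_encrypted"] = not any(report.values())
    return report


def make_samples(directory):
    """Constructed inputs: a real plaintext DB and an opaque stand-in file."""
    plain = Path(directory) / "plain.db"
    conn = sqlite3.connect(str(plain))
    conn.execute("CREATE TABLE t1(a,b)")
    conn.execute("INSERT INTO t1 VALUES ('one for the money', 'two for the show')")
    conn.commit()
    conn.close()
    opaque = Path(directory) / "opaque.db"  # random bytes, NOT real SQLCipher output
    rng = random.Random(0)
    opaque.write_bytes(bytes(rng.getrandbits(8) for _ in range(4096)))
    return plain, opaque


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        return [inspect_db_file(p) for p in make_samples(tmp)]


if __name__ == "__main__":
    for result in demo():
        print(result)
```
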