How do I secure my Database sqlite in the Assets Folder (by Ciphering)?

怎甘沉沦 submitted on 2019-12-11 01:36:41

Question


I have had experiences of reverse engineering and people gaining access to your database quite fluently on Android. I would like to know whether there is any way I can cipher my database only (not obfuscating the whole APK) at the time of creation, and then use my database at runtime.

I have little knowledge of databases, so any suggestion would be a boon to protect my DB in the Assets folder.


Answer 1:


Surely you can do it. Use SQL Cipher.

When using it, instead of the conventional android.database.sqlite.SQLiteDatabase, use info.guardianproject.database.sqlcipher.SQLiteDatabase. For more info, look at this question.




Answer 2:


You cannot secure information contained on the App. It's impossible.

  1. An attacker can reverse all of your code.

  2. An attacker can deobfuscate all of your code.

  3. A preloaded, encrypted DB file can be decrypted using the key stored on the App.

Particularly in code like this:

    String dbPath = this.getDatabasePath("Encrypted.db").getPath();

    // DATABASEKEY is stored in the app, so it can be recovered along with the code
    SQLiteDatabase db = SQLiteDatabase.openOrCreateDatabase(dbPath,
            DATABASEKEY, null);

SQLCipher is not intended to secure user data against attackers but exists to secure user data against other Apps.

Your efforts will slow an attacker down slightly.

If you want to secure sensitive data on the App, don't store it on the App or in the data directory. Design your App to communicate with a server, although that brings in a whole other mess of things to consider (Web App Security).
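
To audit your own source for the pattern Answer 2 points at, the sketch below (an added example, not part of the original answers) flags SQLCipher open calls whose key argument is a string literal or an UPPER_CASE constant. The function names, the constant-naming heuristic and the sample Java are assumptions constructed for illustration.

```python
import re

# SQLCipher open calls; group 1 is the raw argument list (may span lines).
OPEN_CALL = re.compile(
    r"SQLiteDatabase\s*\.\s*open(?:OrCreate)?Database\s*\((.*?)\)\s*;", re.S)
STRING_LITERAL = re.compile(r'"(?:[^"\\]|\\.)*"')
CONSTANT_NAME = re.compile(r"[A-Z][A-Z0-9_]*")  # assumption: UPPER_CASE = static final

def split_args(arglist):
    """Split a Java argument list on top-level commas, skipping strings and nested calls."""
    args, cur, depth, in_str, esc = [], [], 0, False, False
    for ch in arglist:
        if in_str:
            in_str = esc or ch != '"'
            esc = ch == "\\" and not esc
        elif ch == '"':
            in_str = True
        elif ch in "([{)]}":
            depth += 1 if ch in "([{" else -1
        elif ch == "," and depth == 0:
            args.append("".join(cur).strip())
            cur = []
            continue
        cur.append(ch)
    args.append("".join(cur).strip())
    return args

def find_embedded_keys(java_source):
    """Return (line, kind, expression) for open calls whose key argument ships in the code."""
    findings = []
    for m in OPEN_CALL.finditer(java_source):
        args = split_args(m.group(1))
        key = args[1] if len(args) > 1 else ""  # 2nd parameter is the password
        line = java_source.count("\n", 0, m.start()) + 1
        if STRING_LITERAL.fullmatch(key):
            findings.append((line, "string-literal", key))
        elif CONSTANT_NAME.fullmatch(key):
            findings.append((line, "named-constant", key))
    return findings

# Constructed sample: the answer's call plus two hypothetical variants.
SAMPLE = '''\
String dbPath = this.getDatabasePath("Encrypted.db").getPath();
SQLiteDatabase db = SQLiteDatabase.openOrCreateDatabase(dbPath,
        DATABASEKEY, null);
SQLiteDatabase db2 = SQLiteDatabase.openOrCreateDatabase(dbPath, "s3cr3t,key", null);
SQLiteDatabase db3 = SQLiteDatabase.openOrCreateDatabase(dbPath, userPassphrase, null);
'''
print(find_embedded_keys(SAMPLE))
```

A key held in an ordinary variable, such as `userPassphrase` above, is not flagged, so a clean result only means the key is not a compile-time literal or constant at the call site.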




Answer 3:


Maybe it would be more feasible to cipher the strings that you are storing in your table instead of the whole table, e.g. storing the hash of the passwords instead of directly storing them.




Answer 4:


Did you have a look at Proguard?

The ProGuard tool shrinks, optimizes, and obfuscates your code by removing unused code and renaming classes, fields, and methods with semantically obscure names. The result is a smaller sized .apk file that is more difficult to reverse engineer. Because ProGuard makes your application harder to reverse engineer

More info on proguard.



Source: https://stackoverflow.com/questions/9563332/how-do-i-secure-my-database-sqlite-in-the-assets-folder-by-ciphering
