Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Android: how to protect data in a SQLite database?

Tags:

android

sqlite

protection

encryption

I'm currently developing an Android game which saves data into a SQLite database. This is not really "sensitive" data, but I don't want users to be able to modify it (for obvious reasons of game balance, as it would be cheating). And it's quite easy to access and modify a SQLite db when your phone is rooted (there are plenty of applications for that in the market).

So should I even worry about that, or consider users with a rooted phone can do whatever they want including cheating and that's their choice? Or could I somehow encrypt the data I don't want them to modify, or add a MD5 checksum or something similar?

Another approach would be to abandon SQLite altogether and use some kind of binary files with game data.

Please let me know if some of you already encountered similar issues, and what are the approaches you followed, as well as the "good practices" in the Android gaming development community.

Thanks.

like image 516
Guillaume Avatar asked Nov 25 '11 17:11

Guillaume

3 Answers

Root access for everybody and security are mutually exclusive.

Any application or user with root permissions can read and modify each and every file on your system, as well as all of the main memory. That doesn't leave many places to store a potential encryption key for the database.

You could hide parts of the key in the executables, configuration files etc, but everything you could come up with would be nothing more than obfuscation and security by obscurity.

If a user opts to grant root access to everybody, that's their decision, and it's not your job as an app developer to prevent any harm that might be caused.

Update: Storing API keys in Android, is obfustication enough? is a pretty similar issue - it's about protecting API keys, but it's the same situation with regards to your options.

like image 148
lxgr Avatar answered Sep 23 '22 18:09

lxgr

sqlcipher for Android might help here.

https://guardianproject.info/code/sqlcipher/

like image 39
SK9 Avatar answered Sep 24 '22 18:09

SK9

I think based on your requirement the best method is using consistency of data, for example MD5 the score and time, then put score and time and MD5 in to the table, then every time wanting to use that row of DB check the MD5 of the score and time if the one in DB and the one which calculated are same, the row is consistent otherwise it was hacked!

like image 43
Navid Avatar answered Sep 20 '22 18:09

Navid
Sign in to Comment

Related questions

signal 11 (SIGSEGV), code 1 (SEGV_MAPERR) base.apk
Difference between drawable and drawable-v24 in android studio [duplicate]
list connected bluetooth devices?
Android WebView performance
How can I create an AttributeSet from a style.xml?
How to make an Image as large as possible while maintaining aspect ratio
Illegal access exception with LocalStorage on Android Gingerbread
Empty files uploaded in Android Native browser
adb can list devices but adb shell/logcat doesn't work
Android Services: START_STICKY does not work on Kitkat
Preview ViewSwitcher in AndroidStudio
How to programmatically set custom attributes of custom components?
Scanning QR code using Android's Mobile Vision API
Spannable string with image not working with push notification
Android firebase auth state listener called multiple times
Create and show ProgressBar programmatically
LiveData vs Handler and LocalBroadcast
Login Failed you cant use facebook to log into this app
How to save file to public (external) storage on Android Q (API 29)?
Reading multiple NFC tags simultaneously in Android

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!