As you know, we can access any folder on an Android device after rooting. My app has a database and some other binary files. I know that I can't prevent the user from seeing my files and database. But is there any way to prevent the user from copying them to other Android devices for illegal use?
- Where is your DB stored? – Mister Smith, Oct 29, 2012 at 10:51
- It is saved at default folder on Android device. – Nguyen Minh Binh, Oct 29, 2012 at 10:51
- Please define default folder. Read here: developer.android.com/guide/topics/data/data-storage.html – Mister Smith, Oct 29, 2012 at 10:53
- The default folder is: /system/data/data/<my package name>/database/ – Nguyen Minh Binh, Oct 29, 2012 at 10:54
- Looks like internal storage. Non-rooted users shouldn't be able to access it. – Mister Smith, Oct 29, 2012 at 10:57
2 Answers
One option is to encrypt the data stored in the database. Normally it is stored in plaintext. SQLCipher, I believe, works for Android too.
From the official Android/Google forums:
Users with rooted phones can get access to any files they want. Otherwise, databases in the conventional on-board flash location are secure.
If you want to prevent that (rooted access), the only option is to encrypt it. However long it takes.
EDIT:
What I am saying is, it is never completely secure. You can make it as difficult as possible for hackers. You can save the decryption key (only) on the server (if downloading the entire data from the server is time consuming), but then the app needs a net connection to work. You can save the key in a hidden file (filename starting with .), but rooted users with knowledge of Linux-type file systems can find it. Or you can do as Teovald suggests in the comment to this answer, by generating the key at run time using any hash algorithm from any constants (like the IMEI number), but that also needs some processing. The more you try to secure it, the more work you need to do to use it. So it is a 50-50 kind of situation, and the decision should depend on one's requirements.
7 Comments
Apart from encryption (see Krishnabhadra's answer), the only way to ensure critical data is to not have everything on the device. So you could access the most critical data always online only.
Of course this has the downside that not all of your app is usable if the user has no connection. You have to balance between your need to keep data safe from prying and allowing instant offline access to data.
Whether you can alleviate the former problem depends on the data. If all is critical, nothing is allowed on the device. Users will understand and begrudgingly accept this. No one would want a copy of his bank account on his device. But you should allow access to everything that is not critical even in offline mode.