Welcome to this series of articles about Android security and how you can greatly improve the protection of your users’ privacy by implementing 3 things that offer a great effort-to-safety ratio.
Today we are going to look at protecting the Room database. Under the hood, a Room database is handled by SQLite and the file is saved without encryption, which can expose your users’ data, for instance on a rooted device.
Prerequisites
Minimum SDK: 16 (Android 4.1 Jelly Bean)
Add Room and SQLCipher into your gradle build file.
implementation "androidx.room:room-runtime:$room_version"
kapt "androidx.room:room-compiler:$room_version"
// optional - Kotlin Extensions and Coroutines support for Room
implementation "androidx.room:room-ktx:$room_version"
implementation "net.zetetic:android-database-sqlcipher:$sqlcipher_version@aar"
How SQLCipher works
SQLCipher adds an encryption layer to SQLite. The encryption is pretty strong, using AES-256, a standard in the industry.
The developer has to provide a Master Key that will be used to encrypt the data. It is the developer’s responsibility to protect and secure the Master Key (you could use, for instance, userID + salt + hash).
SQLCipher encrypts and decrypts page by page, which improves performance; each page is also encrypted differently.
This is only an overview of the key features. If you want an exhaustive understanding, please check SQLCipher Design.
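The "userID + salt + hash" idea from the Master Key paragraph, sketched as an added example (not code from the original article or from SQLCipher): a random salt plus PBKDF2-HMAC-SHA1, which is available on every API level this article targets, yields the 32-byte passphrase to hand to SQLCipher. The function names, iteration count and sample user ID are assumptions made for this example.

```kotlin
import java.security.SecureRandom
import javax.crypto.SecretKeyFactory
import javax.crypto.spec.PBEKeySpec

// Assumed parameters for this example; tune the iteration count to your slowest device.
private const val ITERATIONS = 100_000
private const val KEY_BITS = 256
private const val SALT_BYTES = 16

/** Creates the random per-install salt. It is not secret and can be stored beside the database. */
fun newSalt(): ByteArray = ByteArray(SALT_BYTES).also { SecureRandom().nextBytes(it) }

/**
 * Derives the 32-byte passphrase for SQLCipher from a secret and the salt.
 * PBKDF2-HMAC-SHA1 plays the role of the "hash" step.
 */
fun deriveDatabaseKey(secret: CharArray, salt: ByteArray): ByteArray {
    val spec = PBEKeySpec(secret, salt, ITERATIONS, KEY_BITS)
    try {
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1")
            .generateSecret(spec)
            .encoded
    } finally {
        spec.clearPassword()   // wipe the copy held by the key spec
        secret.fill('\u0000')  // wipe the caller's copy
    }
}

fun main() {
    val salt = newSalt()
    // "user-1234" is a constructed sample value standing in for the userID.
    val key = deriveDatabaseKey("user-1234".toCharArray(), salt)
    val again = deriveDatabaseKey("user-1234".toCharArray(), salt)
    val otherSalt = deriveDatabaseKey("user-1234".toCharArray(), newSalt())

    println("key length: ${key.size} bytes")
    println("same inputs give the same key: ${key.contentEquals(again)}")
    println("a new salt gives a new key: ${!key.contentEquals(otherSalt)}")

    // Wipe every copy once the database has been opened with it.
    listOf(key, again, otherSalt).forEach { it.fill(0) }
}
```

A user ID on its own is not a secret, so the derived key is only as strong as the secrecy of whatever is passed as `secret`.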
Compatibility with Room
Because SQLCipher is an extension of SQLite, it is compatible with all SQLite functions and doesn’t interfere with how Room works.
You can continue using your DAO as usual, nothing special is required.
Implementation
As you can see in the following piece of code, only a few lines are required, which makes this a quick win to implement.
val builder = Room.databaseBuilder(
    context.applicationContext,
    Database::class.java, "encrypted.db"
)
val factory =…