I’ve you tried to decode a Room of Japanese hiragana?

Protect your Room database with SQLCipher on Android

Cedric Ferry
6 min readSep 15, 2020

Welcome to this serie of articles about Android Security and how you can improve tremendously the protection of your users’ privacy, by implementing 3 things that provide a great effort/safety ratio.

Today we are going to look at protecting the Room Database. In deep Room database is handle by SQLite and the file is saved without encryption, which can expose your users’ data, for instance on a rooted device.


minimum SDK : 16 (Android 4.1 JellyBean)

Add Room and SQLCipher into your gradle build file.

implementation "androidx.room:room-runtime:$room_version"
kapt "androidx.room:room-compiler:$room_version"

// optional - Kotlin Extensions and Coroutines support for Room
implementation "androidx.room:room-ktx:$room_version"

implementation 'net.zetetic:android-database-sqlcipher:$sqlcipher_version@aar'

How SQLCipher works

SQLCipher add an encryption layer to SQLite. The encryption is pretty strong, using AES-256, a standard in the industry.

The developer will have to provide a Master Key that will be used to encrypt the data. It is the developer responsibility to protect and secure the Master Key. (could use for instance userID + salt + hash)