The CommonsBlog

It's the User's Data, Dammit

One of the benefits of projects like SQLCipher for Android getting more attention is that developers are learning that protecting users’ data from poachers is easier than they might have thought.

One of the downsides of projects like SQLCipher for Android getting more attention is that developers start thinking they can do things that they cannot. Notably, in this case, some developers are trying to use SQLCipher for Android to prevent users from accessing data on the user’s own phone.

That’s just not possible.

Users who root their devices can get to any files they want. This includes the encrypted database and your APK file. Finding the encryption key in the APK file is not going to be all that difficult – obfuscation is good for shrouding your own code implementation but is not that good at hiding encryption keys or calls to third-party code like SQLCipher for Android. At best, your encryption adds another small hurdle to overcome, reducing the percentage of people who will bother, but it will not stop them all. And, of course, once your key is compromised, that key can be widely disseminated, and lots more people can get at the data.

If you put data on the user’s device, it is now the user’s data.

Depending on the data, you can take some steps to help steer users towards proper use of that data. Watermarking is a popular solution for media (MP3s, EPUBs, etc.) – it does not stop the user from copying the file, but if the copies get widely distributed, it becomes possible to track down who the original copier was. That information may be sufficient to help prevent future copying (e.g., termination of an account) and may be sufficient for legal action, if you so choose.

If, however, the user simply cannot be allowed to see the data, do not put it on the user’s device. Keep it on your servers, downloading it only as needed, and taking steps on your servers to prevent unauthorized access. That too may prove challenging, but at least you have complete control over the environment.

Using SQLCipher for Android to help protect the data of users who leave their Android tablets in airplane seat-back pockets is a wonderful thing, and I hope more developers do it. Using SQLCipher for Android to try to hide data from users amounts to “roll your own DRM”, and we all know how well DRM solutions work.