The following is the first few sections of a chapter from The Busy Coder's Guide to Android Development, plus headings for the remaining major sections, to give you an idea about the content of the chapter.


Encrypted Storage

SQLite databases, by default, are stored on internal storage, accessible only to the app that creates them.

At least, that is the theory.

In practice, it is conceivable that others could get at an app’s SQLite database, and that those “others” may not have the user’s best interests at heart. Hence, if you are storing data in SQLite that should remain confidential despite extreme measures to steal the data, you may wish to consider encrypting the database.

Perhaps the simplest way to encrypt a SQLite database is to use SQLCipher. SQLCipher is a SQLite extension that encrypts and decrypts database pages as they are written and read. However, SQLite extensions need to be compiled into SQLite, and the stock Android SQLite does not have the SQLCipher extension.

SQLCipher for Android, therefore, comes in the form of a replacement implementation of SQLite that you add as an NDK library to your project. It also ships with replacement editions of the android.database.sqlite.* classes that use the SQLCipher library instead of the built-in SQLite. This way, your app can be largely oblivious to the actual database implementation, particularly if it is hidden behind a ContentProvider or similar abstraction layer.

SQLCipher for Android is a joint initiative of Zetetic (the creators of SQLCipher) and the Guardian Project (home of many privacy-enhancing projects for Android). SQLCipher for Android is open source, under the Apache License 2.0.

Prerequisites

Understanding this chapter requires that you have read the chapter on database access.

Scenarios for Encryption

The preview of this section left for Hollywood to appear in a reality TV show.

Obtaining SQLCipher

The preview of this section is out seeking fame and fortune as the Dread Pirate Roberts.

Using SQLCipher

The preview of this section is being chased by zombies.

SQLCipher Limitations

The preview of this section was the victim of a MITM ('Martian in the middle') attack.

Passwords and Sessions

The preview of this section left for Hollywood to appear in a reality TV show.

About Those Passphrases…

The preview of this section was lost in the sofa cushions.

Encrypted Preferences

The preview of this section was the victim of a MITM ('Martian in the middle') attack.

IOCipher

The preview of this section was traded for a bag of magic beans.