SQLCipher for Android

Room, by default, works with the device’s stock copy of SQLite. This is fine, as far as it goes. However, from a security standpoint, SQLite stores its data unencrypted. Some apps should consider encrypting their data “at rest” (that is, while it is stored in the database file) to protect their users.

Fortunately, as noted in an earlier chapter, Room supports a pluggable SQLite implementation, and so we can plug in a SQLite edition that supports encryption, such as SQLCipher for Android. This chapter will outline how to do this.

Introducing SQLCipher for Android

Since SQLite is public domain, it is easy for people to grab the source code and hack on it. SQLite also offers an extension system, making it relatively easy for developers to add functionality with a minimal number of changes to SQLite’s core code. As a result, a few encryption options for SQLite have been published.

One of these is SQLCipher, whose development is overseen by Zetetic. This offers transparent AES-256 encryption of everything in the database: data, schema, etc.

With the help of the Guardian Project, Zetetic released SQLCipher for Android. This combines a pre-compiled version of SQLite with Java classes that mimic an old edition of Android’s native SQLite classes (e.g., SQLiteOpenHelper). SQLCipher for Android is open source, and if you can live with the increase in app size due to the native binaries, it is an effective solution.

And, in 2019, Zetetic started offering support for the SupportSQLite* APIs that allow SQLCipher for Android to be plugged into Room.
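The plug-in point described above looks roughly like this. This is an added example, not code from this book or from Zetetic. It assumes Room and the android-database-sqlcipher artifact are dependencies of the app; `Note`, `NoteDao`, `AppDatabase`, `notes.db` and `openEncryptedDatabase()` are hypothetical names.

```kotlin
import android.content.Context
import androidx.room.Dao
import androidx.room.Database
import androidx.room.Entity
import androidx.room.Insert
import androidx.room.PrimaryKey
import androidx.room.Query
import androidx.room.Room
import androidx.room.RoomDatabase
import net.sqlcipher.database.SQLiteDatabase
import net.sqlcipher.database.SupportFactory

// Hypothetical entity, DAO and database: nothing here is SQLCipher-specific.
@Entity
data class Note(
    @PrimaryKey(autoGenerate = true) val id: Long = 0,
    val text: String
)

@Dao
interface NoteDao {
    @Insert
    fun insert(note: Note)

    @Query("SELECT * FROM Note")
    fun loadAll(): List<Note>
}

@Database(entities = [Note::class], version = 1)
abstract class AppDatabase : RoomDatabase() {
    abstract fun notes(): NoteDao
}

// Hypothetical helper: builds a Room database backed by SQLCipher instead of
// the device's stock SQLite. The passphrase arrives as a CharArray (for
// example, from a password field) so the caller's copy can be wiped afterwards.
fun openEncryptedDatabase(context: Context, passphrase: CharArray): AppDatabase {
    // SQLCipher's helper converts the characters into the byte[] key material
    // that SupportFactory expects; this is a separate array from `passphrase`.
    val keyBytes = SQLiteDatabase.getBytes(passphrase)
    passphrase.fill('\u0000') // wipe the caller-supplied characters

    // SupportFactory is SQLCipher's SupportSQLiteOpenHelper.Factory, which is
    // the interface Room accepts as its pluggable SQLite implementation.
    return Room.databaseBuilder(context.applicationContext, AppDatabase::class.java, "notes.db")
        .openHelperFactory(SupportFactory(keyBytes))
        .build()
}
```

The DAO and entity code is identical to what an unencrypted Room database would use; only the `openHelperFactory()` call changes which SQLite implementation sits underneath.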



This book is licensed under the Creative Commons Attribution-ShareAlike 4.0 International license.