A little-known bit of the Architecture Components
SupportSQLite... series of interfaces. These
represent a wrapper around a SQLite implementation, with an API that is reminiscent
of the native
SQLiteDatabase and related classes. Room not only has these
interfaces but an implementation (
Framework...) that delegates to the native
Android classes. But, you can provide a
openHelperFactory(), and that will
cause Room to use some other implementation of the
That’s where CWAC-SafeRoom comes in.
So, if you have an
passphraseField, you can initialize
SafeHelperFactory factory=SafeHelperFactory.fromUser(passphraseField.getText()); StuffDatabase db=Room.databaseBuilder(ctxt, StuffDatabase.class, DB_NAME) .openHelperFactory(factory) .build();
Alternatively, you can create a
SafeHelperFactory using a constructor that
char parameter. As part of setting up the database, CWAC-SafeRoom
will clear that
getText() on your
EditText) or that
so that the passphrase is no longer in cleartext in memory.
CWAC-SafeRoom has been lightly tested — there is a reason for the
version. A fair bit of the
SupportSQLite... API cannot be implemented using
SQLCipher for Android right now, as the SQLCipher for Android API is based on
very old versions of Android, and
SupportSQLite... wants a few newer features.
So far, Room does not seem to be using those, which is why the partial
SupportSQLite... in CWAC-SafeRoom is holding up as well
as it is. Plus, Room itself is still an alpha, and who knows what the future
(hopefully not zombies)
This library was developed with patent-pending Insta-Deprecation Technology™. Should Google or Zetitec (developers of SQLCipher) offer their own equivalent library, use theirs.
So, while work remains to be done, CWAC-SafeRoom demonstrates the possibility of an encrypted Room implementation.
Want an expert opinion on your Android app architecture decisions? Perhaps Mark Murphy can help!