android - Most secure strategy for mobile database
I have to develop an app for both iOS and Android. The app uses a small SQLite database with sensitive data and, depending on the user's input, runs a process on that data. After the process is done, the database is no longer accessed unless the user enters new input (which is not likely to happen).
Since the database has sensitive data, I have to protect it. I know complete protection is impossible, but I want to make life as hard as possible for an attacker.
And since I don't know much about security, I'm not sure which alternative is best, taking "difficulty / security" into account.
I've thought of 2 alternatives:
1) Include the database in the apps and encrypt or obfuscate it.
But I guess it wouldn't be difficult to get the database on a rooted Android.
2) Have the database stored on a server; each time the user enters input, the app downloads the database, the process is run, and afterwards the database is removed from the app.
But the process takes 5-10 minutes, and maybe that is enough time to get the database from the app, so I would have to add the same protection as in 1) plus protection on the server.
Which is the best option (difficulty / security)? Are there other options?
I've tried several Google searches, but I'm confused by the information, so I'm turning to the huge knowledge of the community.
Updated:
Well, reading the answers, I'm inclined to have a backend and not download the database to the app. It's not the client's preferred solution, but it seems the best so far, so I'll try to convince them. Anyway, due to the type of process the app has, I'm not sure if it's possible with a backend. Since it's a completely different question, I asked it in another thread: https://stackoverflow.com/questions/29942688/remote-sqlite-queries-from-app
New update:
I keep thinking about this and can't find a solution because the process is complex. I've thought of the following, and would like to know if it's possible or if it makes no sense (sorry, I don't know backend development).
Server -> SQLite database & PHP web services
Device -> txt file with user inputs (20MB)
1. Device: on the device, the txt file is compressed (10MB).
2. Device: the app sends the txt file to the server via a POST web service.
3. Server: the txt file is stored on the server.
4. Server: the txt file is decompressed.
5. Server: the txt file is loaded into a new table, inputtable, inside the SQLite database.
6. Server: a new table, userfinaldatatable (almost 10000 rows), is created by making lots of queries using inputtable and the rest of the database.
7. Server: userfinaldatatable is converted to JSON and sent to the device as the response of the web service called in step 2.
8. Device: the app receives the JSON and converts it into something useful for the app.
Is this possible, or are some (if not all) of the steps impossible to achieve?
Neither. The secure way is to keep the database on the server and access it via a web service, with proper account authentication. If you send data to the client, a sufficiently motivated attacker can get it. In the case of the whole database file, it's trivial to root the device and read it. And if you encrypt it, SQLite won't be able to read it (not to mention the decryption key would be local and could be reverse engineered).
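The server-side flow described in the question and recommended in the answer, as an added example that is not part of the original posts. It is written in Python rather than the PHP the question mentions; the token scheme, the `reference` table, the size cap and the one-code-per-line input format are assumptions made for illustration.

```python
import hashlib, hmac, json, sqlite3, zlib

SERVER_KEY = b"constructed-demo-key"   # assumption: server-side secret, never shipped in the app
MAX_UPLOAD = 32 * 1024 * 1024          # assumption: cap on decompressed upload size

def _tag(user: str) -> str:
    return hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()

def issue_token(user: str) -> str:
    """Hypothetical token handed out after a successful login."""
    return f"{user}:{_tag(user)}"

def authenticate(token: str) -> str:
    user, _, tag = token.partition(":")
    if not user or not hmac.compare_digest(tag.encode(), _tag(user).encode()):
        raise PermissionError("invalid token")
    return user

def bounded_gunzip(blob: bytes, limit: int = MAX_UPLOAD) -> bytes:
    """Decompress a gzip upload, refusing anything that expands past `limit`."""
    out = zlib.decompressobj(wbits=31).decompress(blob, limit + 1)  # 31 = gzip framing
    if len(out) > limit:
        raise ValueError("upload too large after decompression")
    return out

def process_upload(db: sqlite3.Connection, token: str, blob: bytes) -> str:
    """Authenticate, load the inputs, query server-side, return only derived rows."""
    authenticate(token)
    codes = [l.strip() for l in bounded_gunzip(blob).decode("utf-8").splitlines() if l.strip()]
    # TEMP tables are private to this connection, so concurrent users cannot collide.
    db.execute("CREATE TEMP TABLE inputtable (code TEXT)")
    try:
        # Bound parameters: uploaded text is stored as data, never parsed as SQL.
        db.executemany("INSERT INTO inputtable VALUES (?)", [(c,) for c in codes])
        rows = db.execute(
            "SELECT r.code, r.result FROM reference r "
            "JOIN inputtable i ON i.code = r.code ORDER BY r.code").fetchall()
    finally:
        db.execute("DROP TABLE inputtable")
    return json.dumps([{"code": c, "result": r} for c, r in rows])

def make_demo_db() -> sqlite3.Connection:
    """Constructed stand-in for the sensitive database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE reference (code TEXT PRIMARY KEY, result TEXT)")
    db.executemany("INSERT INTO reference VALUES (?, ?)",
                   [("A1", "alpha"), ("B2", "beta"), ("C3", "gamma")])
    return db
```

Only the rows that match the uploaded inputs leave the server; the database file itself is never sent to the device.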