Preloaded sqlite db file delivered with App, but security is a concern

ozexpert · April 7, 2015, 12:09am

If I deliver my app with sqlite database preinstalled somewhere, it seems not secure. And anyone can hack it and get the sqlite db file and use themselves.

There’s https://blog.nraboy.com/2015/01/deploy-ionic-framework-app-pre-filled-sqlite-db/ article on how to deliver sqlite file with your app; however, it does not talk about any security.

Talking about the security with sqlite, is there a way to prevent user to access the db file?
I’m not talking about encrypting data inside the database. Or is there a better way to do this rather than using sqlite?

djett · April 7, 2015, 12:32am

I dont think theres a way you would be able to prevent users from accessing your db file. Best bet is probably to use something like SQLCypher to encrypt your DB. https://github.com/litehelpers/Cordova-sqlcipher-adapter

Is it possible for you to store your data on a backend server rather than on the device?

ozexpert · April 7, 2015, 12:42am

For some data, I’m using data on Cloud. However, for some data, i want to be offline accessible, so was using sqlite.

But, if i don’t preload sqlite db file, but let user to download from the internet (and store somewhere safe), would that be inaccessible?

djett · April 7, 2015, 12:44am

got ya… are you using AWS?? If so, check out amazon cognito, which helps with syncing offline data back online…

ozexpert · April 7, 2015, 12:46am

I’m not syncing data with cloud. This data on sqlite is a separate database which is on the local device. For all the secure data will be stored on the cloud; however, this sqlite database is just like a book data which do not need any interaction with the Cloud.