How secure are SQLite and SharedPreferences files on Android?
Solution 1
Is it possible for someone to grab them in any way?
That depends on the someone. As Mr. Burov indicates, users of rooted phones can get at whatever they want. Ordinary users and other applications can't, by default.
It's the not normally accessible part giving me additional grey hair :)
By default, files are secure. You can make them world-readable or world-writable if you choose.
Wouldn't it be possible to decompile apk file and find encryption key as well in that case?
That depends on who you are defending against. If you are defending against other apps, have the user supply the encryption key. If you are defending against the user, you're screwed, just as all implementations of DRM are screwed.
Solution 2
Well, there is a bunch of SharedPreferences editor apps on the market, so they're definitely not secure. Also on rooted devices database can pull off easily, since user have full access to the phones filesystem. Hence, if you want your app be totally secured, encrypt your data.
Comments
-
David Kuridža almost 2 years
First, a bit of my background. I have been working on large web systems for over a decade, Android is something I have been looking at for the past two months; as you can imagine, the gap is quite wide :)
Looking at Android's Security and Permissions and Data Storage part of documentation, talking directly to developers, reading books and tutorials, it is pretty clear how entire model works. However, I was unable to find an answer whether SQLite and SharedPreferences files are secure enough to store delicate non-encrypted information (for example, OAuth tokens). Is it possible for someone to grab them in any way? Quoting Android's documentation:
Any data stored by an application will be assigned that application's user ID, and not normally accessible to other packages.
It's the not normally accessible part giving me additional grey hair :)
Thank you, helpful answers are appreciated :)
-
David Kuridža over 13 yearsWouldn't it be possible to decompile apk file and find encryption key as well in that case?
-
CommonsWare over 13 years"Well, there is a bunch of SharedPreferences editor apps on the market, so they're definitely not secure." -- please name some, as a search of the Market comes up with none. -
Konstantin Burov over 13 years@David well you can obtain the key through encrypted connection from some server in web. Probably not best solution, but ensures higher level of security.
-
Konstantin Burov over 13 years@CommonsWare: oh, scratch that, I was fooled with all the profile editing apps on the market (you know, those chaning volume, brightness etc.). Shame on me :)
-
David Kuridža over 13 yearsIt's something worth thinking about, thanks for mentioning it.
-
David Kuridža over 13 yearsThere will always be someone trying to figure out how something is done, and there is no 100% protection possible. Encrypting the data should prevent most attempts from being successful, hopefully. I guess we have to settle with it for now.
-
Twice Circled about 11 years@CommonsWare In case you are interested, I just found this app play.google.com/store/apps/… called Cheat Droid. It allows you to edit sharedprefs of any app on your phone as long as you have root access. Just used it to cheat on my own game... ;)
-
CommonsWare about 11 years@TwiceCircled: My comment was with respect to this answer's first sentence. Given the second sentence goes on to discuss rooting, the first sentence must be for non-root solutions. Your solution requires root. Root users can pretty much access anything they want. Non-root users should not be able to manipulate
SharedPreferences, barring stupid moves on the developer's part (e.g., making them world-writeable). -
Igor Čordaš about 10 yearsYour answer really intrigued me because I thought those apps are not possible and it turns out that's correct. Although as many people mentioned here if rooted you can access ALL data on the phone so there will probably be plenty of apps making that easier but root is a prerequisite. -
ninbit over 5 years@DavidKuridža How about generating the key at runtime, for example with timestamp? Then the key won't be shown in the file. Is it possible?
