Prevent removal of a SQLite database on Android

Prevent SQLite database from being removed when uninstalling the application?

I have an application that asks for a password for access. The password is recorded the first time the user starts the app (yes, I have to do it this way; the user has to register this password to have access). The password is stored within the database, but there is a problem: a malicious user can simply reinstall the application, causing the password registration panel to appear when starting the application. That is, they can register a new password because the database was removed when uninstalling the application!

How can I avoid this?

Copying the database to the Data folder seems like a hack to me; I’m afraid of problems on some devices.

I cannot copy the database to the SD card, because anyone could open it without root.

I already tested Android’s BackupAgentHelper (which was made only for preferences and not for binaries); it does not work with SQLite.

  • I used to use the BackupAgentHelper to back up the database. In my case I backed up the database file. But if you stop to think, this does not help. The user can erase the app data in the system settings. This way you lose everything: databases and preferences. I may have to reformulate this form of persistence. Why not use the device user account to generate a token in your back end (with expiration)?

  • How does this token work? @Wakim

  • It would be like OAuth2, but I think that’s outside the scope of the question. My suggestion is to use another form of authentication, without saving anything on the user’s device (hoping it will always be available). It is possible to link the user login on your system with something unique to the device (IMEI, UUID, Google account). You don’t need to store anything, since that information would always be available. It would be something similar to what the Banco do Brasil app does: it registers the device in their system (by some device identifier) and assumes the device is "safe" whenever I log in.

  • It’s an application that protects photos, so whoever uses it wants to hide something there. It needs the password so that only those who created the password can access and see the photos, not everyone who has access to the device as a whole. I do not use a web service; it’s just a database with one table and one row, which is the password row. @Wakim

  • I got it. I could do an encrypted backup, with a good algorithm/salt (there are good questions and answers about this here on SO PT), on the SD card or External Storage. In addition, I recommend storing the encrypted password in the database, since a user with root can have access to the database. As for erasing the data from the app, the user has to be aware of what will happen; you have no way to protect yourself against it. I don’t really have a lot of ideas on how to overcome these problems; let’s see if anyone else has anything. About backing up: https://gist.github.com/samuelmtimbo/10566176.

  • I’ve tried backing up using this class, but it didn’t work here. I did all the steps, including putting the key in the AndroidManifest and modifying a tag I can’t remember the name of (pointing to the helper class), but I was only able to back up (test) a SharedPreferences file. Does it even work with SQL? I didn’t get it. @Wakim

  • PS: It doesn’t even enter onCreate(). For SharedPreferences I followed the example that is on the Google site. I also tried to use this example (modifying some things) for SQLite, but it didn’t work.

No answers