I have to develop an app both for iOS and Android. This app uses a small sqlite database with sensitive data, and depending on the user's input, it makes some process with this data. After this process is made, the database is no longer accessed unless the user has to enter a new input (it's not probable that this happens).
Since the database has sensitive data I have to protect it. I know is impossible to get a complete protection but I would like to make life harder for a possible attacker.
And since I don't know too much about security I'm not sure what would be the best alternative taking into account "difficulty / security".
I've thought in two alternatives:
1) Include the database in the apps and encrypt or obfuscate it.
But I guess it wouldn't be very difficult to get the database with a rooted Android.
2) Have the database stored in a server, each time the user enters the input the app downloads the database, the process is made and after that I remove the database from the app.
But the process takes 5-10 minutes and maybe this time is enough to get the database from the app, so I would have to add the same protection as in 1) plus a protection in the server.
Which would be the best option (difficult / security)? There would be any other options?
I've tried several Google searches but I'm confuse with all that information and I would like to try with the huge acknowledge of this community.
Aucun commentaire:
Enregistrer un commentaire