mercredi 30 septembre 2015

Protecting local proprietary data in an Xamarin app

I have a Xamarin.Forms app that uses a local SqLite database as its source for data. The data is proprietary, so I want to protect it so that if someone gets access to the database file, they would have to decrypt it to access the data.

I also want to limit the number of queries users can make against the database so that at a certain point they have to purchase the ability to use more of the data (in-app purchase).

I want to avoid making network calls as much as possible to minimize impact to the user's data plan and allow the app to work well in conditions where there is poor or no connectivity. So, I want the data stored in a local database (perhaps in SqLite).

I'm curious how different people would approach this problem to protect the data and at the same time minimize network usage.

Here is kind of what I was thinking (if it's possible):

1) Let the user download/install the app.

2) On first load, the app will upload a key based on the device id and the user's current purchase information. Then it will download a SqLite database file that has been encrypted using the uploaded key.

3) When the user reaches their limit of queries, the database file is deleted. If they purchase more data, then a new key is uploaded and a new encrypted database is downloaded to be used.

Thoughts? Is there a better way?

Aucun commentaire:

Enregistrer un commentaire