SQLCipher for Android v1 FINAL!

 

Team GP along with the good folks at Zetetic, are happy to announce that we have reached FINAL on our first release (“v1” 0.0.6 build) of SQLCipher for Android. This means we consider this a production release, ready for shipping with your apps to provide for reliable, open-source, secure application data encryption.

If you need a refresher, here is what the cross-platform, open-source SQLCipher provides:

SQLCipher is an SQLite extension that provides transparent 256-bit AES encryption of database files. Pages are encrypted before being written to disk and are decrypted when read back. Due to the small footprint and great performance it’s ideal for protecting embedded application databases and is well suited for mobile development.

  • Blazing fast performance with as little as 5-15% overhead for encryption on many operations
  • 100% of data in the database file is encrypted
  • Uses good security practices (CBC mode, key derivation)
  • Zero-configuration and application level cryptography
  • Broad platform support: works with C/C++, Obj-C, QT, Win32/.NET, Java, Python, Ruby, etc on Windows, Linux, iPhone/iOS…
  • Algorithms provided by the peer reviewed OpenSSL crypto library.

In addition to our work porting the core codebase, the work done on Android also provides near exact API compatibility with the default Android Database API. This means that developers can drop in SQLCipher, and add data encryption to their application, with very little changes to their existing codebase.

Finally, while full disk encryption is offered newer Android devices from Motorola, and those running Android 3.x Honeycomb or 4.x Ice Cream Sandwich, that only provides encryption of the entire internal or external storage, which must be unlocked and decrypted when the device is booted. The SQLCipher model ensures only a limited amount of data from your app is accessible at anytime, and allows the user or the app to lock itself down, whether or not the device itself is locked or encryption.

Download the Software Development Kit here for integration with your Android apps: https://github.com/downloads/guardianproject/android-database-sqlcipher/SQLCipherForAndroid-SDK-0.0.6-FINAL.zip

You can see all the closed issues addressed in this release.

If you want to build from source, you will need the Android NDK, as well as the SDK. Pull the repo, and run ‘make all’ with the included SQLCipher Makefile.

Our partners at Zetetic have published a step-by-step application integration tutorial.

You can also get started by working with our sample ‘NoteCipher’ project available on Github.

If you happen to encounter them, please report any unexpected behaviours, bugs, typos or other abnormalities, as soon as you can. We know there are still some outstanding issues faced in some cases, but we did not consider them blockers.

SQLCipher for Android Home: https://guardianproject.info/code/sqlcipher/

5 comments for “SQLCipher for Android v1 FINAL!

  1. 2011/12/15 at 7:47 pm

    Just changed my project over to use this. Worked fabulously. Thanks! Just wondering if there are any plans to provide the Jar on the central maven repository as many android applications build using Maven.

    http://maven.apache.org/guides/mini/guide-central-repository-upload.html

  2. George
    2012/01/21 at 6:55 pm

    I have done similar job with building custom sqlite and adjusting android.database sources to get spatialite wrapper. By examining your sources, i find out that you did it the same way as i- depending on libandroid_runtime and other libs not included in SDK. Do you consider it to be safe approach, that wont break in future Android releases or just onsome vendor’s Android device? Thanks.

    • n8fr8
      2012/01/24 at 2:13 am

      We have tested successfully across devices from Android 2.1 to 3.1, and are now working on 4.x compatibility. We think this approach works very well across vendors and versions, though occasionally we have had to debug specific issues on a specific device. No major showstoppers or blockers yet.

  3. 2012/02/06 at 7:22 am

    Hi,

    is it possible to encrypt a database on the pc and deliver the encrypted db in the apk-file?

    Thank you
    Andre

    • n8fr8
      2012/02/08 at 8:30 pm

      Yes it is. You can search the sqlcipher google group for more information on how to do this. We might post some more how tos on this crossdevice DB approach as well, but not sure when.

Leave a Reply

Your email address will not be published. Required fields are marked *