jace jace - 11 months ago 91
Android Question

sqlite vs realm in terms of data security from hackers

I am a mobile developer using xamarin.android and my task sooner or later is to make applications for clients which are commonly from banks.
I am currently developing with realm(beginner) for app that doesn't require security issues.

What I want to know is, which one does give more secured local database from all types of hackers if I will make an app and let's say that... it is for a bank mobile system.

Answer Source

Both Realm and SQLite use files stored in your app's private directory within the internal storage. This is safe enough for most cases since no app apart from yours is allowed to access it.

However, you have to take account on rooted devices. With those, users can navigate the whole filesystem with ease, including your app's private directory.

Given this, our best bet relies on data encryption.

Realm supports AES-256 encryption if you asked for it:

byte[] key = new byte[64];
new SecureRandom().nextBytes(key);
RealmConfiguration config = new RealmConfiguration.Builder(context)

Realm realm = Realm.getInstance(config);

Accessing Realm with those will transparently encrypt/decrypt any data that is persisted to disk. Which improves security without needing extra effort from your side as the developer.

This project demoes how you can make use of Realm's encryption feature.

As for SQLite… I haven't found anything yet. Maybe your best bet is to manually do the encryption/decryption yourself.