How to Encrypt Android SDK DBs
What are SDK Databases?
SDK databases are structured storage mechanisms used by mobile software development kits (SDKs) to save data on a mobile device locally. These databases are integral for SDKs to function optimally, managing everything from user preferences and settings to critical operational data that the SDK needs to perform its tasks effectively.
How Does Encrypting SDK Databases Protect Your SDK?
Encrypting SDK databases enhances the security of mobile SDKs by safeguarding the data stored within them against unauthorized access and data breaches. Here’s a breakdown of how encryption protects SDK databases:
1. Data Confidentiality: Encrypting the database ensures that the data remains confidential. Even if an unauthorized party accesses the database file, the encrypted data is unreadable without the proper decryption key.
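2. Data Integrity: Encryption can help ensure data integrity by protecting against tampering. Altering encrypted data without the decryption key generally corrupts the data, which alerts the system to potential tampering. Encryption by itself does not guarantee that tampering is detected; SQLCipher, the library Appdome uses (see Disclaimer and Licensing), by default also authenticates each database page with an HMAC, so a modified page fails verification when it is read.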
3. Compliance with Regulations: Many industries have regulations that require the protection of sensitive data. Encrypting databases helps SDKs comply with legal and regulatory standards such as GDPR (General Data Protection Regulation), HIPAA (Health Insurance Portability and Accountability Act), or PCI DSS (The Payment Card Industry Data Security Standard), which mandate the protection of personal and payment information.
4. Protection from Data Leaks: Encrypted databases prevent the leakage of sensitive information in case of a security breach or device compromise. This is particularly crucial for SDKs that handle financial, health, or personal user data.
Overall, encrypting SDK databases is a fundamental security measure that protects both the data and the integrity of the mobile SDK, ultimately safeguarding the applications that utilize these SDKs.
Prerequisites for Using Encrypt SDK DBs:
Before you encrypt your SDK databases, you’ll need:
- Appdome account (create a free Appdome account here)
- A license for SDK Threat-Shielding > Encrypt SDK DBs
- Mobile SDK (.aar for Android)
Disclaimer and Licensing
Appdome utilizes the SQLCipher open-source library for data encryption, which is licensed for redistribution. Ensure that this license is incorporated into your SDK’s documentation and compliance strategy.
- SQLCipher License Details: SQL Cipher Licence
Room Database and Gradle Dependency
Appdome’s ‘Encrypt SDK DB’ feature supports the encryption of Room Databases, which are commonly used within mobile SDKs. If your SDK uses Room DB, it can benefit from this encryption to ensure data security.
Required Gradle Dependency: Include the following Gradle dependency in your SDK documentation to support SDK Database encryption:
implementation "androidx.room:room-runtime:+"
Supported Versions: 2.2.0 up to the latest, currently 2.6.1.
Encrypt SDK DB’s using Appdome
On Appdome, follow these simple steps to secure Android SDKs:
- Upload the Mobile SDK to Appdome.
  - Upload Method: Appdome Console or DEV-API
  - Android Formats: .aar
- Build the feature: Encrypt SDK DBs.
  - Building Encrypt SDK DB’s using Appdome’s DEV-API:
    - Create and name the Fusion Set (security template) that will contain the Encrypt SDK DB’s feature as shown below:
      Figure 1: Fusion Set that will contain the Encrypt SDK DB’s feature
      Note: Naming the Fusion Set to correspond to the protection(s) selected is for illustration purposes only (not required).
    - Follow the steps in the section Building the Encrypt SDK DB’s feature via Appdome Console of this article to add the Encrypt SDK DB’s feature to this Fusion Set.
    - Open the Fusion Set Detail Summary by clicking the “…” symbol on the far-right corner of the Fusion Set. Copy the Fusion Set ID from the Fusion Set Detail Summary (as shown below):
      Figure 2: Fusion Set Detail Summary
      Note: Annotating the Fusion Set to identify the protection(s) selected is optional (not mandatory).
    - Follow the instructions below to use the Fusion Set ID inside any standard mobile DevOps or CI/CD toolkit like Bitrise, App Center, Jenkins, Travis, Team City, Circle CI, or other systems:
      - Look for sample APIs in Appdome’s GitHub Repository
      - Build an API for the SDK – for instructions, see the tasks under Appdome API Reference Guide
  - Building the Encrypt SDK DB’s feature via Appdome Console
    - Where: Inside the Appdome Console, go to Build > Build SDKProtect™ Tab > SDK Threat-Shielding section.
    - How: Check whether SDK Threat-Shielding is toggled On (enabled); otherwise, enable it. The feature Encrypt SDK DB’s is enabled by default, as shown below.
      Figure 3: Encrypt SDK DB’s option
    - When you enable SDK Threat-Shielding, the Fusion Set you created now bears the icon of the protection category that contains Encrypt SDK Preferences.
      Figure 4: Fusion Set that displays the newly added Encrypt SDK DB’s protection
    - Click Build My SDK at the bottom of the Build Workflow (shown in Figure 3).
Certify the Encrypt SDK DB’s feature in Android Apps.
After building Encrypt SDK DB’s, Appdome generates a Certified Secure™ certificate to guarantee that the Encrypt SDK DB’s protection has been added and is protecting the mobile SDK. To verify that the Encrypt SDK DB’s protection has been added to the SDK, locate the protection in the Certified Secure™ certificate as shown below:
Figure 5: Certified Secure™ certificate
Each Certified Secure™ certificate provides DevOps and DevSecOps organizations with the entire workflow summary, audit trail of each build, and proof of protection that Encrypt SDK DB’s has been added to each Android SDK.
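As an independent check alongside the certificate, the added example below (not Appdome code) classifies a database file copied from a test device or emulator by inspecting its first page. It assumes the protected SDK writes a default SQLCipher file, which has no plaintext SQLite header; the function names and the sample files are constructed for illustration. A result of "opaque" shows only that the file is not a plaintext SQLite database.

```python
import math
import os
import sqlite3
import tempfile
from pathlib import Path

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of any plaintext SQLite file


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; ciphertext sits close to 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)


def classify_db(path) -> str:
    """Return 'plaintext', 'opaque' (consistent with encryption) or 'inconclusive'."""
    with open(path, "rb") as f:
        head = f.read(4096)
    if len(head) < 16:
        return "inconclusive"  # empty or truncated: database not written yet
    if head.startswith(SQLITE_MAGIC):
        return "plaintext"  # readable with any SQLite tool
    # Assumption: a default SQLCipher file has no plaintext header; it starts
    # with a random salt followed by encrypted page data.
    return "opaque" if shannon_entropy(head) > 7.0 else "inconclusive"


def demo() -> dict:
    """Run the check on constructed samples (not real SDK databases)."""
    with tempfile.TemporaryDirectory() as d:
        plain, opaque, empty = (Path(d) / n for n in ("plain.db", "opaque.db", "empty.db"))
        con = sqlite3.connect(str(plain))
        con.execute("CREATE TABLE events (id INTEGER PRIMARY KEY, payload TEXT)")
        con.commit()
        con.close()
        opaque.write_bytes(os.urandom(4096))  # stand-in for an encrypted file
        empty.touch()
        return {p.name: classify_db(p) for p in (plain, opaque, empty)}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

Run it against the Room database files of a build made before and after protection; the unprotected build should report "plaintext".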
Related Articles:
- How to Use Appdome SDKProtect to Secure Mobile iOS SDKs
- How to Implement Threat Event Handling in Android SDKs
- How to Use Appdome SDKProtect to Secure Mobile SDKs
How Do I Learn More?
If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.