How to Encrypt Android SDK DBs

Last updated September 8, 2024 by Appdome

What are SDK Databases?

SDK databases are structured storage mechanisms used by mobile software development kits (SDKs) to save data on a mobile device locally. These databases are integral for SDKs to function optimally, managing everything from user preferences and settings to critical operational data that the SDK needs to perform its tasks effectively.

How Does Encrypting SDK Databases Protect Your SDK?

Encrypting SDK databases enhances the security of mobile SDKs by safeguarding the data stored within them against unauthorized access and data breaches. Here’s a breakdown of how encryption protects SDK databases:

1. Data Confidentiality: Encrypting the database ensures that the data remains confidential. Even if an unauthorized party accesses the database file, the encrypted data is unreadable without the proper decryption key.

2. Data Integrity: Encryption can help ensure data integrity by protecting against tampering. When data is encrypted, altering it without the decryption key generally corrupts the data, thus alerting the system to potential tampering.

3. Compliance with Regulations: Many industries have regulations that require the protection of sensitive data. Encrypting databases helps SDKs comply with legal and regulatory standards such as GDPR (General Data Protection Regulation), HIPAA (Health Insurance Portability and Accountability Act), or PCI DSS (The Payment Card Industry Data Security Standard), which mandate the protection of personal and payment information.

4. Protection from Data Leaks: Encrypted databases prevent the leakage of sensitive information in case of a security breach or device compromise. This is particularly crucial for SDKs that handle financial, health, or personal user data.

Overall, encrypting SDK databases is a fundamental security measure that protects both the data and the integrity of the mobile SDK, ultimately safeguarding the applications that utilize these SDKs.

Prerequisites for Using Encrypt SDK DBs:

Before you encrypt your SDK preferences, you’ll need:

Mobile SDK (.aar for Android)

Disclaimer and Licensing

Appdome utilizes the SQLCipher open-source library for data encryption, which is licensed for redistribution. Ensure that this license is incorporated into your SDK’s documentation and compliance strategy.

Room Database and Gradle Dependency

Appdome’s ‘Encrypt SDK DB’ feature supports the encryption of Room Databases, which are commonly used within mobile SDKs. If your SDK uses Room DB, it can benefit from this encryption to ensure data security.

Required Gradle Dependency: Include the following Gradle dependency in your SDK documentation to support SDK Database encryption:

implementation "androidx.room:room-runtime:+"

Supported Versions: 2.2.0 up to the latest, currently 2.6.1.

Encrypt SDK DB’s using Appdome

On Appdome, follow these simple steps to secure Android SDKs:

  1. Upload the Mobile SDK to Appdome.
    • Upload Method: Appdome Console or DEV-API
    • Android Formats: .aar
  2. Build the feature: Encrypt SDK DBs.
    • Building Encrypt SDK DB’s using Appdome’s DEV-API:
  3. Create and name the Fusion Set (security template) that will contain the Encrypt SDK DB’s feature as shown below:
    Encrypt SDK DBs
    Figure 1: Fusion Set that will contain the Encrypt SDK DB’s feature
    Note: Naming the Fusion Set to correspond to the protection(s) selected is for illustration purposes only (not required).
  4. Follow the steps in the section Building the Encrypt SDK DB’s feature via Appdome Console of this article to add the Encrypt SDK DB’s feature to this Fusion Set
  5. Open the Fusion Set Detail Summary by clicking the “…” symbol on the far-right corner of the Fusion Set. Copy the Fusion Set ID from the Fusion Set Detail Summary (as shown below):
    fusion Set Detail Summary image
    Figure 2: Fusion Set Detail Summary
    Note: Annotating the Fusion Set to identify the protection(s) selected is optional only (not mandatory).
  6. Follow the instructions below to use the Fusion Set ID inside any standard mobile DevOps or CI/CD toolkit like Bitrise, App Center, Jenkins, Travis, Team City, Circle CI, or other systems:
  7. Building the Encrypt SDK DB’s feature via Appdome Console
    • Where: Inside the Appdome Console, go to Build Build SDKProtect™ Tab > SDK Threat-Shielding section.
    • How: Check whether SDK Threat-Shielding is toggled On (enabled); otherwise, enable it. The feature Encrypt SDK DB’s is enabled by default, as shown below.
      Toggles Encrypt Sdk Dbs

      Figure 3: Encrypt SDK DB’s option

    • When you enable SDK Threat-Shielding, the Fusion Set you created now bears the icon of the protection category that contains Encrypt SDK Preferences.
      Saved Fusion Set Encrypt Sdk Db's

      Figure 4: Fusion Set that displays the newly added Encrypt SDK DB’s protection

  8. Click Build My SDK at the bottom of the Build Workflow (shown in Figure 3).
Congratulations!  The Encrypt SDK DB’s protection is now added to the mobile SDK.

Certify the Encrypt SDK DB’s feature in Android Apps.

After building Encrypt SDK DB’s, Appdome generates a Certified Secure™ certificate to guarantee that the Encrypt SDK DB’s protection has been added and is protecting the mobile SDK. To verify that the Encrypt SDK DB’s protection has been added to the SDK, locate the protection in the Certified Secure™ certificate as shown below:
Certificate Encrypt Sdk Db's

Figure 5: Certified Secure™ certificate
Each Certified Secure™ certificate provides DevOps and DevSecOps organizations with the entire workflow summary, audit trail of each build, and proof of protection that Encrypt SDK DB’s has been added to each Android SDK.

Related Articles:

How Do I Learn More?

If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project.

Appdome

Want a Demo?

SDK Security Integration

GilWe're here to help
We'll get back to you in 24 hours to schedule your demo.