SQLite Database Security and Tampering

474 views Asked by At

I just wanted to do a quick sanity check with StackOverflow to confirm my suspicion. I'm creating an app and was tempted to use FMDB in Swift to store some data.I am treating this data as public in the sense that I assume it can be tampered with (and thus untrusted). This is because, after all, unlike a web app, this app runs on a user's device and thus they can access the .sql file and alter the database.

If I wanted to store information like if a user purchased something, unlocked certain weapons, or other data that I do not want to be altered in any way, I should not use a local database on the user's device.

Would you say this is correct and safe to proceed under this assumption? If I was looking to use the database to persist something important that took place, what would be a good approach? encryption with the key in the app, or maybe a hash or something?

1

There are 1 answers

0
Rob On BEST ANSWER

If you want to secure your database, FMDB includes hooks for SQLCipher, which you have to obtain separately. See the various FMDB Encryption Methods that you can use once you have SQLCipher included in your project.