keep your data safe with SQLCipher

Database Encryption for Android N: SQLCipher 3.5

SQLCipher 3.5.0 with support for Android N was released yesterday. Previous versions of SQLCipher linked to non-public Android libraries, a practice Google warned about earlier. Android N is getting stricter about linking to platform libraries. To comply with Android N, the SQLCipher authors did the necessary changes and also did a major code clean up. This results in a massive code reduction, as you can see in the following table:
SQLCipher 3.4
SQLCipher 3.5
AAR size
7.15 MB
2.87 MB
armeabi-v7a .so size
2.50 MB
1.43 MB
ICU size compressed / uncompressed
2.19 MB / 6.73 MB
-

That's really good news. Just by using the new version 3.5.0 of SQLCipher, you can reduce your APK size (and build/deployment time). Not just the binary .so files got smaller, also the big "icudt46l.dat" file was removed in 3.5.0.

To see the effect in an app, we took the greenDAO example app and compared the resulting sizes. Of course, the version using built-in SQLite is by far the smallest, but your APK may lose 4.4 MB if you were using a previous version of SQLCipher:

SQLite
SQLCipher 3.4
SQLCipher 3.5
greenDAO Example APK size
70 KB
7.22 MB
2.80 MB
greenDAO Example size on device (Nexus 5x)
0,88 MB
17,89 MB
12.39 MB

We noticed one incompatibility with SQLCipher 3.5.x however. Android's SQLiteDatabase defines two additional collations:

In addition to SQLite's default BINARY collator, Android supplies two more, LOCALIZED, which changes with the system's current locale, and UNICODE, which is the Unicode Collation Algorithm and not tailored to the current locale.

Running SQL ORDER commands with "COLLATE LOCALIZED" does not work anymore starting with SQLCipher 3.5.0. That is the downside of the ICU (and ASOP code) removal.

So, what about greenDAO support for SQLCipher 3.5.x? greenDAO used "COLLATE LOCALIZED" in the QueryBuilder when specifying orders using string properties. To ensure compatibility with SQLCipher 3.5, we just released greendao-encryption V2.2.2 without the LOCALIZED collation.

greenDAO 3 Beta released

We just released greenDAO 3 beta: it makes the generator project optional and moves to Java annotations. Before the final release however, we want to get your feedback. In particular, we experimented with alternative annotation processing that gives greenDAO more power while it avoids byte code manipulation.Our goal with greenDAO3 is to put the developer in control over entity classes while augmenting the entity code with a little bit of generated code.

Continue reading

greenDAO 2.2 with Database Encryption

Encryption is the central feature of today’s greenDAO 2.2 release. Actually, greenDAO seems to be the first Android ORM to officially support SQLCipher (non-beta). Since it’s first (source-only) release in August 2015, greenDAO’s encryption support has been successfully tested in a complex setup for months. So, if you want to store sensitive data in your database, give it a try!
Continue reading

Avoid NoClassDefFoundError during EventBus registration

There is an obscure scenario causing some older Android versions to throw java.lang.NoClassDefFoundError when trying to register subscribers in EventBus. It was reported often in connection to the class  PersistableBundle, which was introduced in Android API level 21. It seems like an Android bug with reflection, but of course you don’t want your app to crash. Thus, we just added an FAQ entry with covering some background and a couple of solutions. One preferred solution is to update to EventBus 3 along with the subscriber index. Because the index is created during build time, it avoids problematic (and slow) reflection altogether!

EventBus 3 released, now based on @Annotations

EventBus3
Today, we are pleased to release EventBus 3. Previous versions of EventBus rejected to use annotations for performance reasons. Now, version 3 embraces annotations to improve performance. How does that make sense? Unfortunately, Android’s performance did not get any better. Reflection on annotations is still very bad compared to Desktop Java, even on Android 6 and ART. EventBus 3 resolves this problem by introducing a new annotation processor, which will index all annotations at build time. It generates a class containing all the data that would be expensive to get at run time. Build-time indexing makes EventBus 3 the fastest EventBus ever.

Continue reading

Why did Parse fail?

drowing_duck_1600x446
On January, 28th, Facebook announced the retirement of Parse. Parse was one of the leaders in the “mobile backend as a service” (MBaaS) space. It gave app developers a hosted alternative to building a custom backend from scratch for data storage and some logic around that data. Parse was acquired in 2013 by Facebook for $85 million and was powering 500,000 apps in 2014 according to Wikipedia. So what turned the success story into a failure?

Continue reading

Android Architecture with EventBus

Google’s Android Dev Summit 2015 covered a talk on Android Application Architecture. Android Apps often have complex interactions among data models, application logic, UI views and controllers, and networking. A solid architecture is the key to get this right. Watch the two Googlers Yigit Boyar and Adam Powell using EventBus as an important app’s component:

Continue reading

greenrobot-common 2.3 with improved ObjectCache

Version 2.3 of greenrobot-common was just released and brings a new cache implementation: as the class ObjectCache suggests, caches a number of objects in memory. The API is used in a key-value like fashion, very much like a Map. It comes with a couple of cache-specific features though:
Continue reading