keep your data safe with SQLCipher

Database Encryption for Android N: SQLCipher 3.5

SQLCipher 3.5.0 with support for Android N was released yesterday. Previous versions of SQLCipher linked to non-public Android libraries, a practice Google warned about earlier. Android N is getting stricter about linking to platform libraries. To comply with Android N, the SQLCipher authors did the necessary changes and also did a major code clean up. This results in a massive code reduction, as you can see in the following table:
SQLCipher 3.4
SQLCipher 3.5
AAR size
7.15 MB
2.87 MB
armeabi-v7a .so size
2.50 MB
1.43 MB
ICU size compressed / uncompressed
2.19 MB / 6.73 MB
-

That's really good news. Just by using the new version 3.5.0 of SQLCipher, you can reduce your APK size (and build/deployment time). Not just the binary .so files got smaller, also the big "icudt46l.dat" file was removed in 3.5.0.

To see the effect in an app, we took the greenDAO example app and compared the resulting sizes. Of course, the version using built-in SQLite is by far the smallest, but your APK may lose 4.4 MB if you were using a previous version of SQLCipher:

SQLite
SQLCipher 3.4
SQLCipher 3.5
greenDAO Example APK size
70 KB
7.22 MB
2.80 MB
greenDAO Example size on device (Nexus 5x)
0,88 MB
17,89 MB
12.39 MB

We noticed one incompatibility with SQLCipher 3.5.x however. Android's SQLiteDatabase defines two additional collations:

In addition to SQLite's default BINARY collator, Android supplies two more, LOCALIZED, which changes with the system's current locale, and UNICODE, which is the Unicode Collation Algorithm and not tailored to the current locale.

Running SQL ORDER commands with "COLLATE LOCALIZED" does not work anymore starting with SQLCipher 3.5.0. That is the downside of the ICU (and ASOP code) removal.

So, what about greenDAO support for SQLCipher 3.5.x? greenDAO used "COLLATE LOCALIZED" in the QueryBuilder when specifying orders using string properties. To ensure compatibility with SQLCipher 3.5, we just released greendao-encryption V2.2.2 without the LOCALIZED collation.

greenDAO 2.2 with Database Encryption

Encryption is the central feature of today’s greenDAO 2.2 release. Actually, greenDAO seems to be the first Android ORM to officially support SQLCipher (non-beta). Since it’s first (source-only) release in August 2015, greenDAO’s encryption support has been successfully tested in a complex setup for months. So, if you want to store sensitive data in your database, give it a try!
Continue reading