Geek asks and answers

Is it possible to access the SQLite database of an Android application on my phone?

I am creating an application in which the user performs some actions during the game, and these actions are logged in the SQLite database. At the end of the game, the application presents these logs through a screen that game administrators read (for example, physically read by game administrators while watching the screen). Are there ways for participants to manipulate the database, and if not, what security measures prevent them from doing this?

+3
source share
5 answers

The database is stored in /data/data/your.applications.package/databases. Typically, this location can only be accessed by a user created for the Android application for the application. No other user can access this location if the device is not deployed. Then, any user can access any location on the phone and manipulate data.

So, if you want to prevent users from cheating, you need to somehow check if there are any values ​​in the database. Perhaps you can save some fingerprint on the server to verify this.

+6
source

Yes, users can check and modify the database when connecting via USB via ADB: http://developer.android.com/guide/developing/tools/adb.html#shellcommands

Update:

Google Dev: adb?

, . , .

+2

, , . Android SQLiteDatabase.

SQLiteDatabases:

SQLiteDatabase "" , , , ContentProvider. , , , , , .

+2

, , , , , , . .

Please note that using the server does not help if the server does not implement a key part of the game logic itself; if the user knows how to fake your signature mechanism to record fake records in the database, they can also send fake reports to your server.

0
source

You can use Proguard to obfuscate code.

It is also necessary that the database be unique with a specific identifier according to the device identifier with some kind of server callback in order to verify the database.

-1
source

More articles:


All Articles