[guardian-dev] Progress on SQLCipher for Android

Nathan of Guardian nathan at guardianproject.info
Tue Aug 30 21:14:20 EDT 2011

Recently we have seen an increase in developers contacting us who want
to integrate SQLCipher for Android into their own apps. If you look at
the wild west (root-capable malware anyone?!) that the Android ecosystem
is turning out to be, we can understand why. We hope that, with how
ridiculously easy it is to implement, SQLCipher can do a helluva
lot of good protecting many, many apps, users and their data from all
the malcontents out there trying to ruin the party.

Since our last official "Developer Preview" release back in May, we have
been working both internally and with outside developers in solving some
of the core issues we had at the time of the first release. These include
adding support for the full range of Android devices, from 2.1 to 3.2,
as well as use of all expected features of the android.database.*
package within the new info.guardianproject.database.* package. The good
news is that we believe we have solved all of these issues, and are
ready to push out a new official build for you to scrutinise and
implement. If all goes well, we'd like to do a "1.0" release within the
next few weeks.

From a codebase perspective, we are now at 0.0.5-BETA on the SQLCipher
for Android project. What that means, in our slightly confusing
versioning scheme, is that we think 0.0.5 is working well, that we are
basically feature complete, and now the goal is to get to a 0.0.5-FINAL
or STABLE. Once we are there, this project will then be released as our
"SQLCipher for Android SDK v1.0" just so people understand it is ready
for action.

The exciting news is that we have plugged this release into our own dev
branch of Gibberbot (our IM/XMPP client) which is fairly complicated in
its use of the database. It has its own ContentProvider implementation,
passes cursors across processes, updates the database constantly and
creates and destroys tables on the fly. In short, if SQLCipher can make
it there, we believe it can make it anywhere.

If you haven't noticed, we also have turned our uber-sample project
Notepadbot into a shipping app in the Android Market called
"NoteCipher". It is a simple PIN protected notepad app capable of
storing text and photos within an AES-256 encrypted SQLCipher database.
This project represents our best practices for implementing SQLCipher,
including how NOT to store the entered PIN or password in your
Activity's member variable. You can find it here on Github or directly
in the market:

Additional work we are doing on the testing front includes porting the
Android OS JUnit/CTS test classes over to our package, so that we can
stand up to the same scrutiny that android.database.* gets. In addition,
we need some help with performance testing, to understand the impact of
using SQLCipher on an email app or a mediastore, so if anyone out there
wants to write some tests along these lines, it would be very welcome.

Look forward to hearing from you. Links below.



Developer Preview 2 SDK Release (this is for app developers):

Public Project (if you *must* build from scratch; requires NDK, etc):

Please report issues here (or just reply to this email):

Notepadbot sample project (also known as "NoteCipher" in the Android
Market): https://github.com/guardianproject/notepadbot