There is a sqlite database in the APP, and I want to encrypt it with SQLCipher. As we know, it's unsafe to store password in the codes, so I'm going to use bundle identifier as part of the password.
So, I want to know if the bundle identifier is easy to retrieve from an APP on a device or jailbreak device?
Thanks.
Security is hard, really the only protection is to not give anyone anything. If you do need to give them something then it's best to ask them for a password. If you can't ask them then the best you can do is obfuscation, even if you encrypt the data, because the best you can do is to hide the password so it's more difficult to find, or to find out how to create it.
So, it's easy to find out the bundle id of the application, the question is how hard is it to work out what you're using as the password and how valuable is the data it's protecting.
If the data is truly valuable then protect it properly, which might involve asking the user for a password and downloading the data from a server which encrypted it on demand.
If your goal is simply to prevent access to the novice hacker then generate a GUID, encode it into the app as something other than a string literal, and use that.
You can't stop a determined and experienced hacker if you store the password anywhere inside the app...