I'm trying to implement a secure database in my app that requires users to enter a password when the app is launched. The password that they enter is used to decrypt the sqlcipher database that contains their data. The part that I am stumped on is how to pass the password to the content provider.
Right now I am storing the password temporarily in shared preferences for my contentprovider to access it and then deleting the sharedpreference when onStop is called in my MainActivity. However, this seems overly complicated once I introduce multiple activities. Is there a more efficient way to set the password for my sqlcipher ContentProvider just for the current app session?
The part that I am stumped on is how to pass the password to the content provider.
Option #1: Do not use a ContentProvider.
Option #2: Use call() on a ContentResolver, which in turn invokes call() on your ContentProvider. This is an ad-hoc communications path, where you define basically what the meaning is. You can use this as a "set passphrase" sort of mechanism, where your UI layer collects the passphrase and delivers it to the provider via call(). Note that this requires a minSdkVersion of 11 or higher.
Of the two, I strongly recommend Option #1.
Right now I am storing the password temporarily in shared preferences for my contentprovider to access it and then deleting the sharedpreference when onStop is called in my MainActivity.
That writes the passphrase to disk, in cleartext. Please do not do this.