I have used SqlCipher for protect my application local database. I have stored my db password as constant like below,
private static final String dbPassword = "testing123";
After export my application as signed APK, I have decompile the APK using decompilation tool.
My password is visible in decompilation files.
My question is,
How we can store password phrase in class? which should not be visible even after the decompilation?
Based on above steps, If user able to get my password he can also get all data from local database. There is no security and no benefits by using SqlCipher.
What is the best way to store password inside the APK with hidden. Otherwise there is no use for using SQLCipher.
Kindly share your suggestion and solution.