Offline Native Mobile Applications store the local database in the device's file system. By default, both Android and iOS encrypt the file system, so that the database file cannot be accessed without the users' passcode. An attacker wanting to access the local database will not be able to do so without the passcode, but the device's owner can read it easily.
This property is available in the Offline Database object and adds an extra encryption layer so that not even the device's owner can read the local database.
False (default) |
The offline database won't be encrypted. |
True |
The offline database will be encrypted |
When the user installs the application and launches it for the first time, the offline database is created. If the Encrypt Offline Database is set to True, then a random encryption key is generated locally on the device and stored securely. That key is used to encrypt the local database.
To encrypt the database we are using the SQLCipher open source project (BSD-style license), both in Android and iOS.
More information at External utilities used by Genexus generated iOS applications, External utilities used by GeneXus generated Android applications.
The encryption key is generated locally in the device, stored securely and never shown to the user.
This property is available since GeneXus 15 Upgrade 5.
As of the current version, the following limitations apply:
- Encrypting an existing application's database (or decrypting if already encrypted) does not work. If you want to do this, you need to install a new version of the application.
- Preloading the offline database is not supported if the database is encrypted.