Android Question SQLCipher and Licensing

tdocs2

Greetings, all.

I just completed my first SQLCipher project (see results in two posts here).

I have been reading about the developers of SQLCipher (see link) and their licensing. The SQLCipher license is very straightforward - attribution and disclaimer (see actual text below to be included in your app).

QUESTION
The zip file provided by Erel contains the Apache License (see it here). I assume that it applies to the commons and guava jars??? The Apache License requires attribution. Who is the copyright holder of Guava and Commons? Is it the ASF (Apache Software Foundation)?

SQLCipher License
Copyright (c) 2010 Zetetic LLC
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
* Neither the name of the ZETETIC LLC nor the
names of its contributors may be used to endorse or promote products
derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY ZETETIC LLC ''AS IS'' AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL ZETETIC LLC BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Guava and commons License???
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
 

ivan.tellez

Hi, actually not really related to the licencing, but...

SQLCipher is not really a good thing. You will have some issues with it: the licence, the performance and, of course, the database/apk sizes.


I did an app with a large DB. It was 90 mb; with SQLCipher, the APK was 105 Mb; with normal SQLite, the APK was 8 Mb (the database was compressed in the APK, but when installed, the database file is decompressed to its 90 mb).

The other problem: the database stored lots of text, so the reading time was ridiculously long (3 to 6 sec).


So, my solution...

Serialize the Data -> Compress Data -> Encrypt Data -> Store Encrypted Data in the SQLite


Maybe you could say that this has no logic: it's many more steps and should be slower. BUT, actually it is 20 times faster (in my case). And it's logical if you think about it: the bottleneck is the storage (SD cards or internal storage), so it's faster to read a small amount of data, decrypt it, uncompress it and deserialize it than to read a big chunk of data.


I used:

Serialize: JSON Lib
Compress: CompressedStreams (Using gzip)
Encrypt: Encryption Lib (Using AES/CBC/PKCS5Padding)
Store Data: (SQLite, in a single BLOB)


To store the keys, you can use String vars in Process_Globals and compile obfuscated. If you are unsure, use 2, 3 or more vars in different modules, split the key and then concatenate it at run time.


Results (in my case)

SQLite:
APK Size: 8 Mb
Installed: 95 Mb
Performance: Slow

SQLCipher :
APK Size: 105 Mb
Installed: 110 Mb
Performance: Slow

Serialize, compress and encrypt:
APK Size: 9 Mb
Installed: 10 Mb
Performance: Really Fast



It was a lot of work, but the results are amazing.
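
The serialize -> compress -> encrypt -> BLOB pipeline from the post above, as an added example that is not the poster's code (written for Node.js rather than B4A so it runs stand-alone). It goes beyond the post in two labelled assumptions: a 256-bit key with a fresh random IV per record, and an HMAC-SHA256 tag over IV and ciphertext, because AES/CBC on its own does not detect a modified blob. The keys, the blob layout and the sample record are constructed for the example.

```javascript
// Added example, not code from the thread. Layout: IV(16) || AES-CBC ciphertext || HMAC(32)
const nodeCrypto = require('node:crypto');
const zlib = require('node:zlib');

// Constructed demo keys, hardcoded only so the example runs offline.
const ENC_KEY = nodeCrypto.createHash('sha256').update('constructed-demo-enc-key').digest();
const MAC_KEY = nodeCrypto.createHash('sha256').update('constructed-demo-mac-key').digest();
const IV_LEN = 16, TAG_LEN = 32;

// Constructed sample record: repetitive text, like the large text collections in the post.
const SAMPLE = { id: 1, title: 'chapter one', body: 'the quick brown fox jumps. '.repeat(400) };

function packRecord(obj) {
  // Compress BEFORE encrypting: ciphertext looks random and would not shrink.
  const packed = zlib.gzipSync(Buffer.from(JSON.stringify(obj), 'utf8'));
  const iv = nodeCrypto.randomBytes(IV_LEN); // fresh random IV for every record
  // Node pads with PKCS#7, which is what Java calls PKCS5Padding for AES.
  const cipher = nodeCrypto.createCipheriv('aes-256-cbc', ENC_KEY, iv);
  const body = Buffer.concat([iv, cipher.update(packed), cipher.final()]);
  // CBC gives no integrity, so authenticate IV + ciphertext (encrypt-then-MAC).
  const tag = nodeCrypto.createHmac('sha256', MAC_KEY).update(body).digest();
  return Buffer.concat([body, tag]); // bytes for the single BLOB column
}

function unpackRecord(blob) {
  if (blob.length < IV_LEN + 16 + TAG_LEN) throw new Error('blob too short');
  const body = blob.subarray(0, blob.length - TAG_LEN);
  const tag = blob.subarray(blob.length - TAG_LEN);
  const expected = nodeCrypto.createHmac('sha256', MAC_KEY).update(body).digest();
  // Verify the tag before touching the ciphertext; reject modified blobs.
  if (!nodeCrypto.timingSafeEqual(tag, expected)) throw new Error('MAC check failed');
  const decipher = nodeCrypto.createDecipheriv('aes-256-cbc', ENC_KEY, body.subarray(0, IV_LEN));
  const packed = Buffer.concat([decipher.update(body.subarray(IV_LEN)), decipher.final()]);
  return JSON.parse(zlib.gunzipSync(packed).toString('utf8'));
}

// Size of the plain JSON versus the stored blob for one record.
function sizes(obj) {
  return { json: Buffer.byteLength(JSON.stringify(obj)), blob: packRecord(obj).length };
}

console.log(sizes(SAMPLE));
```

The buffer returned by `packRecord` is what would be written to the single BLOB column; as the follow-up post notes, the stored text can no longer be searched with SQL.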
 

tdocs2

Thank you, Ivan.

This was indeed a clever piece of work - just getting a 90MB DB down to 10MB... And 3 to 6 seconds is just not acceptable. Quite an accomplishment.

What issues did you find with the SQLCipher licensing? That would be a show stopper...

@@@@@


I presume that you did take a look at my own experience from my two posts here:

I ran a parallel test to determine the impact on the size of the data bases and apk's using DBUtils with SQL and with SQLCipher. I changed the parameters to make the Student Table 1000 records and 100 tests per student.

SQL:
DB Size (per ES Explorer): 2.53MB
SQLCipher:
DB Size (per ES Explorer): 2.69MB - only a 6% increase - good news.

The apk is a different matter (based on the device App Manager after clearing the data):
Android 4.4
SQL: 416KB
SQLCipher: 6.88MB
Android 4.2
SQL: 408KB
SQLCipher: 5.16MB

These apk stats seem to be contrary to those reported in this thread. The SQLCipher adds around 5MB to the apk (look at the size of the jars and the asset required)

The other good news - it works. I tried to open the SQLCipher db with other apps, and I could not at all. Like Erel said in another post, it encrypts everything!
My data base would be around 5MB...

Best regards.

Sandy
 

ivan.tellez

What issues did you find with the SQLCipher licensing?
Actually the real show stopper was the filesize of the APK and installed database.

I presume that you did take a look at my own experience
Yes I did. That's why I insisted that in my case the changes were way more notorious. (The data was a really large amount of data stored as large collections of text.)

I forgot to mention that my approach has a much better performance than SQLCipher :) but it can't be used for all purposes. The main drawback: you can't search.



The license is not so bad. SQLCipher Community Edition can be used in both open source and closed source commercial software, but you must include our BSD-style license and copyright statements prominently in the application and documentation.

So you should:

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
* Neither the name of the ZETETIC LLC nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
 

tdocs2

Thank you, Ivan, for the clarification.

As I said, I congratulate you on this significant effort and success.

Best regards.

Sandy
 