I'm building an Android App which connects to a SQLite DB. This DB contains two types of data:
- Data that the user will insert/modify
- Data that is permanently there, and must be provided when the user installs the App.
Before sending this App to the Play Store I would like to encrypt this db. In the case of only having 1), I would use KeyStore to generate a key on the fly on the first use of the App. However, I had to prepopulate data for the 2) case. To prepopulate it I had to invest quite a lot of time myself, so I would like to have that encrypted too.
Therefore, what I did was create an encrypted db and prepopulate it. Then in the Android App I'm using Cypher to connect to it. Since I prepopulated it, I already have a key for this db, which I hard-coded in the source code of my app. Everything is working fine, but I don't think the key should be hard-coded there. What should I do in this scenario? Is there some other better way of proceeding? If not, any recommendation on how to obfuscate it?