iPhone and SQLite database security
In an iPhone iOS4 app containing an existing SQLite database (i.e. there at compile time), how secure is the data in the SQLite database?
For example, is it worth encrypting an SQLite database (using the sqlite3_key(...) method sold under license)?
It is secure until the iPhone is jailbroken. After a jailbreak, someone can go to your database, copy it to their desktop, and then see your data. So I think if you have very important data then you should encrypt your database.
The first question you have to answer is: how valuable is your data? That somewhat determines how much time a hacker is willing to spend trying to get at it. Security is a complex subject and you could spend days researching iOS security. It depends heavily on the iOS version, with iOS 4 being the first release that has a decent chance of being really secure. First off, nothing is secure unless your device is locked. Also, your database is NOT encrypted even if the device is locked unless you set data protection flags in your code. Sandbox doesn't help you here at all really, except to protect one app's data from another. A hacker with your device will jailbreak it and install an SSH server and at that point can pretty much do whatever they want, including brute-force passcode breaking attempts. If an iOS 4 device was locked with a decent passcode and you set data protection on your database, you are probably OK with counting on the iOS hardware encryption. But can you depend on users to set a decent passcode? The default simple passcode is only 4 digits - not that great. And will they all be iOS 4+ users? If not, you'll need your own encryption on the database. Just don't store the key anywhere, cuz hackers will find it. And while you are considering security in your coding, consider that hackers can also decompile and run a modified version of your app.
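The "data protection flags" mentioned in the answer above, shown as an added example that is not part of the original answers: it copies the bundled database to a writable location and sets `NSFileProtectionComplete` on it. The file name `app.sqlite`, the function name `ProtectedDatabasePath` and the error domain are hypothetical.

```objc
#import <Foundation/Foundation.h>

// Added example. Returns the path of a writable copy of the bundled database
// marked NSFileProtectionComplete, or nil (with *error set) on failure.
// "app.sqlite" and the error domain below are hypothetical names.
static NSString *ProtectedDatabasePath(NSError **error) {
    NSFileManager *fm = [NSFileManager defaultManager];
    NSString *dir = [NSSearchPathForDirectoriesInDomains(
        NSApplicationSupportDirectory, NSUserDomainMask, YES) firstObject];
    if (![fm createDirectoryAtPath:dir withIntermediateDirectories:YES
                        attributes:nil error:error]) {
        return nil;
    }

    // The copy inside the app bundle is read-only and its attributes cannot
    // be changed, so work on a copy in the app's own container.
    NSString *dbPath = [dir stringByAppendingPathComponent:@"app.sqlite"];
    if (![fm fileExistsAtPath:dbPath]) {
        NSString *bundled = [[NSBundle mainBundle] pathForResource:@"app"
                                                            ofType:@"sqlite"];
        if (bundled == nil) {
            if (error) *error = [NSError errorWithDomain:NSCocoaErrorDomain
                                                    code:NSFileNoSuchFileError
                                                userInfo:nil];
            return nil;
        }
        if (![fm copyItemAtPath:bundled toPath:dbPath error:error]) return nil;
    }

    // Ask iOS to encrypt the file with a key that is only available while
    // the device is unlocked. This depends on the user having set a passcode.
    NSDictionary *protection = @{NSFileProtectionKey: NSFileProtectionComplete};
    if (![fm setAttributes:protection ofItemAtPath:dbPath error:error]) return nil;

    // Read the attribute back; if it is missing or different, the file is
    // not covered and the caller should not store sensitive data in it.
    NSDictionary *attrs = [fm attributesOfItemAtPath:dbPath error:error];
    if (![attrs[NSFileProtectionKey] isEqualToString:NSFileProtectionComplete]) {
        if (error && attrs != nil) {
            *error = [NSError errorWithDomain:@"ExampleDataProtection"
                                         code:1 userInfo:nil];
        }
        return nil;
    }
    return dbPath; // pass this path to sqlite3_open()
}
```

With this protection class the file cannot be opened while the device is locked, so code that touches the database in the background has to handle open and read failures.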
AFAIK data are physically encrypted on iOS 4.x devices. Add to that the fact that applications are sandboxed, it's a fairly secure system.