android encrypt json data over web

My application would be frequently connecting to the web service to get some data in json.

Is there a way this data can be encrypted on server side and decrypted on application side so that data transf开发者_StackOverflow中文版erred is secure and safe?

Also, if the applicaiton comes with its own database (sqlite db file), is it possible for anyone using this application to look at this database (tables, fields and content)?

Regards, Sapan

Your easiest option for transferring the data encrypted is to use SSL (i.e. https) for the communication between the app and the web service.

If you need to set up your own self-signed certificate for the server (instead of buying one) you might have problems getting android to talk with it, but it's doable. See this SO question for tips.

Regarding reading the database, it might be possible. I would assume that an attacker that got access to the phone could read the database, if they were determined enough. If you want the data to be really secure, you would have to store the database in an encrypted file and require the user to enter a password each time they open your app. You have to decide how much security you really need.

You should definitely go for SSL encryption of the data when you transfer it over the network, though.

You can use crypto to encrypt/decrypt json in both android and server.In it very simple and secure. Using Base64 is not a efficient way, because anyone can decrypt. In this, you can use a secret key to encrypt and decrypt the String. If using wrong key to decrypt, the output will be wrong.

http://www.androidsnippets.com/encryptdecrypt-strings

I use Base64 encoding and decoding to encryt data over the network.

Depending on the type of webservice you are using, it will or will not have Base64 encoding and decoding. You can always google for code made by others.

Depending on the Android version you are targeting.

From API level 8 and up: http://developer.android.com/reference/android/util/Base64.html

For lower: http://www.frankdu.com/notes/2011/01/27/base64-encoding-with-android-2-1-or-earlier/

You could also write your own encoding and decoding systems of course. ;)