Flex Mobile data security

I had a search around but I have not really found what I am looking for. I am developing开发者_如何学C a flex application for mobile devices. This application will sync customer data down from an api to the mobile device. but once on the device I plan to hold it in sqlLite DB. How can I secure this data? I know that I could hash it but I guess that that someone would be able to decompile the application and get the hash key. I am new to flex and mobile development so there may be a really obvious answer that I have missed.

Thanks in advance

JaCHNo

I wouldn't recommend using AS3 based cryptography to encrypt data on the DB since it would be slow and impossible to use the data unless you decrypt everything and re-encrypt between queries (that is of course, unless you have to encrypt it like say hashing passwords of users or something so that you can do a one way compare). Encrypting the DB itself is the best way.

Here's a tutorial on how to do it.

Nothing about your question is really unique to mobile devices.

I believe you either have to Encrypt the local SQLLite database or encrypt the data stored in it.

Here is some documentation on dealing with encrypted SQLLite databases.

There are also a few libraries for encrypting data. ASCrypt3 and AS3Crypto if you wanted to encrypt the data, but not the database.

You mentioned hashes, usually when people talk about hashes they are talking about one way encryption, so I'm not sure the benefit that would be in a data store where you need to read the data.

If you only need to protect a few/several pieces of data (e.g. credit card data, phone number, but not their order history or something); I would use the EncryptedLocalStore. It's a simple solution to use and it's already in the framework, so it's Adobe tested and you aren't adding to the size of the app unnecessarily.

From what I remember, the as3lib has actual encryption utilities; but it wasn't intended for mobile.

Side note:
Hashing technically isn't encrypting. Encrypting, by definition, implies a secret key that, if known, can be used to easily (formally easy anyway) recover the original information. Hashing is "kind of" like encrypting but immediately deleting the key so that, unless you know what the original information is, you have no idea what you'd have to for original input to get the output/hash. Or... adding data to it and then just scrambling it all up.