Secure information contained on iPhone SQLite DB

I am working on an iPhone app that uses CoreData(with SQLite) to stores some sensitive biographical data that is downloaded via a Restful Web Services for offline use in the device.

I am worried that the competition could pay a subscription and extract the .sql file via SSH with a jailbroken device, and make copies of the data that has taken us so long to collect and maintain, and is the foundation of the service.

I was wondering if someone cou开发者_开发知识库ld suggest a way to make it more complicated for them to extract this data. I also store some HTML files with sensitive information in the Resources group that i would like to make harder to extract.

Thanks,

Security by obfuscation almost never works.

You should properly licence your application instead of trying to do this sort of thing. If someone really wants to have access to your sensitive data they will surely find a way to do it.

I would point out that under American and EU law, you can copyright a database i.e. a specific collection and/or order of information, even if the individual units of data exist in the public domain.

It's just like an encyclopedia. A encyclopedia is a collection of facts that belong to no one but the collection of facts constitute something that is copyrightable.

Copyright is the only possible protection against someone who buys access to the data in the software.

You could encrypt the data before your write it to the DB. Note that using encryption may have implications for selling your app in different countries around the world. This thread might be helpful to you.

The problem with a jailbroken device is that the attacker has more control than you do. There is no place where you can hide information, most importantly encryption keys.

There is nothing keeping your competition from stealing this data if the want to obtain it. You are looking for security though obscurity, and you are wasting your time. Consider a different business model.