Skill Level: Any

There are 2 options to add encryption to the sdk database.





  1. Option #1: Using a custom sqlite build with database encryption extension

    The steps for this option are described below with the sqleet database encryption extension, but using any sqlite database encryption extension will work.

    1. Go to the sqleet releases page: https://github.com/resilar/sqleet/releases.

    2. From the latest release, download sqleet-v0.28.0-amalgamation.zip or sqleet-v0.28.0-amalgamation.tar.gz.

    3. Extract the sqleet-v0.28.0-amalgamation file content.

    4. Rename the following files:

    • sqleet.h to sqlite3.h
    • sqleet.c to sqlite3.c

    5. Download the latest sqlite build from http://www.sqlite.org/android/zip/SQLite+Android+Bindings.zip?uuid=trunk

    6. Extract the content of the file.

    7. Replace the sqlite3.h and sqlite3.c files in SQLite_Android_Bindings/sqlite3/src/main/jni/sqlite with the files you renamed in step 4.

    8. Open the SQLite_Android_Bindings folder as a project in Android Studio.

    9. Run the Gradle assembleRelease task.

    10. Open your application’s project (the application that uses the sdk) in Android Studio.

    11. Click File -> New -> New Module.

    12. Select import Jar / AAR package.

    13. Select sqlite3-release.aar from the SQLite_Android_Bindings project in SQLite_Android_Bindings/sqlite3/build/outputs/aar.

    14. After the module is created, add the following to your application’s build.gradle file dependencies:

    • implementation project(path: ':sqlite3-release')

    15. In the “database” section of the MceConfig.json file, set the following:


    { "impl": "com.ibm.mce.sdk.db.custom.CustomSqliteDatabaseImpl", "encrypted": true }

    16. Your application will now run with an encrypted sdk database.

    Optional settings:

    You can add the following to the “database” section of the MceConfig.json file:

    1. "keyRotationIntervalInDays": <number of days>

    This will set the number of days that will pass between every database key rotation. The default is 30. The minimum is 1.

    2. "encryptionProvider": "<encryption provider class name>"

    The sdk defines a default encryption provider. On Android API level 18 and above, this provider uses the keystore to store the key that encrypts the database secret key. On API level 17 and below, the sdk uses code-based encryption, which is less secure. To use your own encryption, create a class that implements com.ibm.mce.sdk.api.encryption.SdkEncryptionProvider and set its class name as encryptionProvider. If you only want to override the encryption for API level 17 and below, extend the sdk's default encryption provider (com.ibm.mce.sdk.encryption.DefaultSdkEncryptionProvider) and return your com.ibm.mce.sdk.api.encryption.EncryptionAlgorithm implementation only when the OS level is 17 or below. Here is sample code:

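    import android.os.Build;
    import com.ibm.mce.sdk.api.encryption.EncryptionAlgorithm;
    import com.ibm.mce.sdk.encryption.DefaultSdkEncryptionProvider;
    public class SampleEncryptionProviderForAndroid17AndBelow extends DefaultSdkEncryptionProvider {
        @Override
        public EncryptionAlgorithm getEncryptionAlgorithm() {
            if (Build.VERSION.SDK_INT >= 18) {
                return super.getEncryptionAlgorithm(); // keep the sdk default on API level 18 and above
            } else {
                // MyEncryptionAlgorithm is a placeholder name for your own EncryptionAlgorithm implementation.
                return new MyEncryptionAlgorithm();
            }
        }
    }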

    3. "keyGenerator": "<database secret key generator class name>"

    The sdk defines a default database secret key generator that uses a random UUID. If you want to use your own key generator, create a class that implements com.ibm.mce.sdk.api.db.SdkDatabaseSecretKeyGenerator and set your class name as "keyGenerator".

    Upgrade, downgrade and unencrypting options

    1. You can upgrade an older sdk version to an encrypted version.

    2. If you downgrade an encrypted version to an older sdk version that does not support encryption, the database will be erased and the sdk will start with a new database (all registration data will remain).

    3. If you want to replace an encrypted database with an unencrypted database using an sdk that supports encryption, keep the custom sqlite implementation and only change "encrypted" to false. After the application is updated and the database is unencrypted, your next update can use the default sdk database ("impl": "com.ibm.mce.sdk.db.android.AndroidDatabaseImpl" or no "impl" value at all), which is based on the Android OS sqlite version, and you can remove the sqlite3-release package from your application project.
  2. Option #2: Using a completely custom database

    For your own custom database that is not based on the sdk code, you can create your own implementation based on the following API classes:

    • com.ibm.mce.sdk.api.db.SdkDatabase
    • com.ibm.mce.sdk.api.db.SdkDatabaseCursor
    • com.ibm.mce.sdk.api.db.SdkDatabaseOpenHelper
    • com.ibm.mce.sdk.api.db.SdkDatabaseQueryBuilder
    • com.ibm.mce.sdk.api.db.SdkDatabaseImpl

    1. Set “impl” in the “database” section of the MceConfig.json file to be the name of your class that implements com.ibm.mce.sdk.api.db.SdkDatabaseImpl.

    2. The rest of the parameters in the “database” section are not relevant to fully custom databases.
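
A pre-release check for Option #1, added here as an example (it is not part of the sdk or of the original tutorial): it lints the "database" section of MceConfig.json against the rules stated above and tests whether a database file still carries the plaintext SQLite header. The function names and the `min_sdk` parameter (your app's minSdkVersion) are assumptions of this example.

```python
import json

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of any plaintext SQLite file
CUSTOM_IMPL = "com.ibm.mce.sdk.db.custom.CustomSqliteDatabaseImpl"
DEFAULT_IMPL = "com.ibm.mce.sdk.db.android.AndroidDatabaseImpl"


def lint_database_section(config_text, min_sdk):
    """Return findings for the "database" section of MceConfig.json.

    min_sdk is the app's minSdkVersion, supplied by the caller (assumption).
    """
    db = json.loads(config_text).get("database", {})
    impl = db.get("impl", DEFAULT_IMPL)  # no "impl" value means the default
    encrypted = db.get("encrypted") is True
    findings = []
    if not encrypted:
        findings.append('"encrypted" is not true: database stays unencrypted')
    elif impl == DEFAULT_IMPL:
        findings.append('"encrypted" is true but "impl" is the default sdk '
                        "database, not the custom sqlite build from step 15")
    days = db.get("keyRotationIntervalInDays", 30)  # default 30, minimum 1
    if isinstance(days, bool) or not isinstance(days, int) or days < 1:
        findings.append('"keyRotationIntervalInDays" must be an integer >= 1')
    if (encrypted and impl == CUSTOM_IMPL and min_sdk <= 17
            and "encryptionProvider" not in db):
        findings.append("API level 17 and below will use the less secure "
                        "code-based encryption (no encryptionProvider set)")
    return findings


def is_plaintext_sqlite(path):
    """True if the file starts with the SQLite header, so it is not encrypted."""
    with open(path, "rb") as fh:
        return fh.read(len(SQLITE_MAGIC)) == SQLITE_MAGIC


if __name__ == "__main__":
    # Constructed sample config: step 15 settings plus an invalid rotation value.
    sample = json.dumps({"database": {"impl": CUSTOM_IMPL, "encrypted": True,
                                      "keyRotationIntervalInDays": 0}})
    for finding in lint_database_section(sample, min_sdk=16):
        print("FINDING:", finding)
```

Run `is_plaintext_sqlite` against a copy of the sdk database file taken from a test device; the file's name and location are not given on this page.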
