nic-delhi / AarogyaSetu_Android

Aarogya Setu Android app native code
https://www.aarogyasetu.gov.in/

Encrypt local fight-covid-db using SQLCipher #25

Open sudheesh001 opened 4 years ago

sudheesh001 commented 4 years ago

The current Android Room database present locally doesn't encrypt and store the information even locally, which would be good security practice to do. This can be easily implemented with SQLCipher, where the plaintext data like latitude, longitude, bluetooth_mac_address, timestamp are encrypted on the local device using a randomly generated symmetric key from the AndroidKeyStore, for which this app already seems to contain support, taking a look at the SecureUtils.

SagarSDagdu commented 4 years ago

I don't think this is needed, as the data that is being saved in these fields is already encrypted. @sudheesh001, have a look at the methods of saving latitude and longitude here: https://github.com/nic-delhi/AarogyaSetu_Android/blob/8b96cb981426297028ea7e0d78f0aaee325f3ee7/app/src/main/java/nic/goi/aarogyasetu/models/BluetoothData.java#L94

sudheesh001 commented 4 years ago

Yes, I see the latitude and longitude being encrypted in these fields, but wouldn't it just be easier and cleaner in the code to process this information in plaintext with the entire database being encrypted than the individual fields?

At the end of the day, in the upload() procedures, this information is decrypted before being sent to the server, so I don't see a reason to roll your own crypto here by using AES to encrypt them, especially when the mode being used in older devices with ECB is insecure against chosen-plaintext attacks. #51