You’ve spent time, money, and resources to create the perfect mobile app for your customers (be it health care, finance, etc.). But what about data security? Can you ensure that the data your app stores is secure and meets the standards for HIPAA and PCI compliance? Are there different requirements for data at rest than for data in use? Do you have to rely on third-party software to ensure security, or can you use a mobile device’s native software?
To answer these questions, we turned to some of our in-house experts. Specifically, we wanted to know whether SQLite alone could ensure a secure and compliant app, or whether SQLCipher is necessary as well, at least as far as meeting the minimum standards for HIPAA.
First, let’s take a look at Apple’s Core Data. According to Wikipedia, “Core Data is an object graph and persistence framework provided by Apple in the Mac OS X and iOS operating systems.”
Core Data is heavily optimized with regard to caching, lazy loading, integrity, and memory management. If you use it with the SQLite store type, especially in conjunction with NSFetchedResultsController, you should get better performance than you would get using SQLite on your own.
“Apple has worked hard to ensure Core Data performs on iOS. Core Data is faster and more stable with less code. And managing integrity? It’s just too easy. For the iOS apps that we develop at Astegic, we prefer a combination of SQLCipher and Core Data to achieve both encryption and high performance.”
Now let’s jump back to SQLite and SQLCipher. SQLCipher is an open source extension to SQLite that provides transparent, on-the-fly 256-bit AES encryption of database files: it is a specialized build of SQLite, so the app reads and writes the database as usual while every page is encrypted on disk. While you can use native APIs to secure your app’s data, SQLCipher’s encryption of the database at rest is what addresses the HIPAA and PCI requirements for stored data.
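The practical caveat with “transparent” encryption is that nothing in the app’s code path tells you whether the file on disk is actually encrypted: stock SQLite silently ignores SQLCipher’s `PRAGMA key`, so an app linked against the wrong build keeps working and keeps writing plaintext. The following is an added example, not code from the original post or from the SQLCipher project. It uses Python’s standard `sqlite3` module (stock SQLite) to open a database the way a SQLCipher client would, writes a constructed sample record, and then inspects the raw file for the unencrypted SQLite magic header and for the sample value. The `connect` parameter, the `open_keyed`/`audit` function names, and the all-zero demo key are assumptions of this example; the raw-key pragma form `PRAGMA key = "x'<hex>'"` is SQLCipher’s documented syntax.

```python
"""Check whether a SQLite database file is really encrypted at rest.

Added example (not from the original post). Uses the stock sqlite3 module,
whose silent acceptance of an unknown PRAGMA is exactly the failure mode the
check is meant to catch. Passing a SQLCipher dbapi2 module as `connect`
(e.g. pysqlcipher3.dbapi2.connect) exercises the encrypted path instead.
"""
import os
import re
import sqlite3
import tempfile

# Every unencrypted SQLite 3 file begins with this 16-byte magic string.
SQLITE_MAGIC = b"SQLite format 3\x00"


def open_keyed(path, key_hex, connect=sqlite3.connect):
    """Open `path` and apply a raw SQLCipher key before any other statement.

    SQLCipher requires the key pragma to be the first statement on the
    connection. PRAGMA does not accept bound parameters, so the raw key is
    validated as exactly 64 hex digits (a 256-bit key) before interpolation.
    """
    if not re.fullmatch(r"[0-9a-fA-F]{64}", key_hex):
        raise ValueError("raw key must be 32 bytes given as 64 hex digits")
    conn = connect(path)
    conn.execute("PRAGMA key = \"x'%s'\"" % key_hex)  # no-op on stock SQLite
    return conn


def write_sample_record(conn, name, ssn):
    """Store one constructed patient record (sample data, not real PHI)."""
    conn.execute(
        "CREATE TABLE IF NOT EXISTS patients "
        "(id INTEGER PRIMARY KEY, name TEXT, ssn TEXT)"
    )
    conn.execute("INSERT INTO patients (name, ssn) VALUES (?, ?)", (name, ssn))
    conn.commit()


def header_is_plaintext(path):
    """True if the file carries the cleartext SQLite magic header."""
    with open(path, "rb") as f:
        return f.read(16) == SQLITE_MAGIC


def value_visible_on_disk(path, needle):
    """True if `needle` (a value the app wrote) appears verbatim in the file."""
    with open(path, "rb") as f:
        return needle.encode("utf-8") in f.read()


def audit(path, needle):
    """Summarise the at-rest findings for a database file.

    A SQLCipher file has a random-looking first page and no cleartext values,
    so both flags are False and encrypted_at_rest is True.
    """
    header = header_is_plaintext(path)
    visible = value_visible_on_disk(path, needle)
    return {
        "header_is_plaintext": header,
        "sample_value_visible": visible,
        "encrypted_at_rest": not header and not visible,
    }


def demo(connect=sqlite3.connect):
    """Create a keyed database with `connect`, write a record, audit the file."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "app.db")
        key_hex = "00" * 32  # constructed demo key; never hard-code a real key
        conn = open_keyed(path, key_hex, connect)
        write_sample_record(conn, "Jane Doe", "123-45-6789")
        conn.close()
        return audit(path, "123-45-6789")


if __name__ == "__main__":
    # With stock SQLite this reports the database as NOT encrypted at rest.
    print(demo())
```

Run the same `audit` against the `.sqlite` file pulled from a test device or simulator after the app has written data: if the magic header or any known field value shows up, the SQLCipher build is not the one actually linked into the app, whatever the code appears to do.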
Of course, there is a lot you can do to ensure your data is secure and compliant – SQLite, SQLCipher, and Core Data are just three tools that help you achieve your encryption objectives.