Stealing Android Databases

Jared Hall
Apr 30, 2018 · 3 min read

I am struggling to think of an app that I have built that hasn’t ended up with a database in it. I recall giving a presentation at my first Android gig about designing apps for offline-first and the importance of having data readily available regardless of internet connectivity.

During development, it can be a bit tricky designing SQL statements directly on the device. It is often easier to just grab the currently populated database from the phone and practise SQL statements using sqlitebrowser.

Thieving process

Note: This only works on debuggable applications OR rooted phones!

First, quickly make sure you have adb installed:

$ adb version
Android Debug Bridge version 1.0.32 Revision 09a0d98bebce-android

Now let's copy my database app.db out of my example app with package name com.example.app.

$ adb shell
# su
# cp /data/data/com.example.app/databases/app.db /sdcard/app.db
# exit
# exit
$ adb pull /sdcard/app.db ./Desktop/
1030 KB/s (67584 bytes in 0.064s)
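
The session above relies on su, so it covers the rooted case. For the debuggable-app case from the note, run-as can read the app's files without root; the sketch below is an added example, not code from the original post. pull_app_db is a hypothetical helper name, and it assumes an adb that supports exec-out.

```bash
# Added example: pull_app_db is a hypothetical helper, not from the post.
# Usage: pull_app_db <package> <db-file> [out-dir]
# Prints the number of files copied; returns 1 if the main file is unusable.
pull_app_db() {
  local pkg="$1" db="$2" out="${3:-.}"
  local dir="/data/data/$pkg/databases" f listed copied=0
  mkdir -p "$out" || return 1
  # With write-ahead logging enabled, recent writes sit in <db>-wal, so the
  # sidecar files are copied along with the main file when they exist.
  for f in "$db" "$db-wal" "$db-shm"; do
    # Drop stale copies so an old sidecar is never paired with a new main file.
    rm -f "$out/$f"
    # run-as only works for debuggable packages. On success ls echoes the
    # path back; any error text fails the comparison below.
    listed=$(adb shell run-as "$pkg" ls "$dir/$f" 2>/dev/null | tr -d '\r')
    [ "$listed" = "$dir/$f" ] || continue
    # exec-out streams the raw bytes, so nothing is staged on /sdcard.
    adb exec-out run-as "$pkg" cat "$dir/$f" > "$out/$f" || return 1
    copied=$((copied + 1))
  done
  # A valid SQLite file starts with the 16-byte header "SQLite format 3\0".
  if [ "$(head -c 15 "$out/$db" 2>/dev/null)" != "SQLite format 3" ]; then
    echo "pull_app_db: $db missing or not an SQLite file" >&2
    return 1
  fi
  echo "$copied"
}
```

For the example app this would be called as pull_app_db com.example.app app.db ./Desktop. A release build is not debuggable, so run-as refuses the package and the helper returns 1.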

How else is this useful?

In an older app we used sqlite asset helper in order to maintain a large ‘wiki’ type database in the assets folder. The app would then sync data to the phone daily.
Every few months or so we would push out a new version of the app but we would ship the latest database version to avoid lengthy syncs for new users.
With this process, I could have the main database on the app synced on my phone, steal it, and put it into the next version of the app with a bumped database version number.

Is there an easier way?

Yes, yes there is.

Our good friends over at Facebook have developed a very cool tool called Stetho that uses the Chrome developer tools. With it we can inspect our database, shared preferences, network calls, view hierarchy and more. Do check it out, but make sure you use it in debug builds only.

Add to your dependencies

dependencies {
    debugImplementation 'com.facebook.stetho:stetho:1.5.0'
}

and initialise in your Application class

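import android.app.Application;
import com.facebook.stetho.Stetho;

public class MyApplication extends Application {
    @Override
    public void onCreate() {
        super.onCreate();
        // Only expose the Stetho inspector in debug builds.
        if (BuildConfig.DEBUG) {
            Stetho.initializeWithDefaults(this);
        }
    }
}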

With your phone connected, open chrome://inspect in Chrome and select your app. Head to the ‘Resources’ tab, then ‘Web SQL’. Enjoy the SQL command line for queries or simply click on a table to read its contents.

http://facebook.github.io/stetho/

There must be an even easier way!?!

I’m glad you asked! There is a catch though. In Android Studio, down the bottom right, there is a tab labelled ‘Device File Explorer’. You can open up any debuggable app’s folder and download files at will.
