CouchDB Security For Android Devices (and IOS)

I just worked myself through a wiki article and blogposts regarding CouchDB's security. Now I am wondering how this is done in Android. The Android platforms security is relying on

Solution 1:

The short answer is that on Android CouchDB has no security.

CouchDB provisions itself an admin user / password, you can ask the service to provision you a database to which you are given admin credentials, an admin and a reader is set on that database so anonymous access isnt allowed and require_valid_user isnt needed.

However all of the data is then stored on external storage which has no security whatsoever, the frontdoor is fairly well bolted but the window is wide open, if you have sensitive data then you cannot use couch, this is the same for most applications that need to handle any sizable amounts of data on android.

Its worth mentioning that couchdb runs on localhost so the data is only sensitive to someone who has access to your device, it doesnt let people pick it up from wifi or such.

Going forward a few things are likely to change, ios requires each application to have its own couchdb install and its likely that android will follow the same model, this means each application will be given gull server admin credentials and can protect their data as they wish, once that issue has been fixed I will be looking into ways to move the data off the sdcard or secure the data on the sdcard.