In this chapter we’ve looked at options to make your databases more secure. If you’re going to store customer information, we’ve covered how to use SQLCipher to encrypt the data as well as the various schemes developers have used to hide the key and keep the data safely encrypted.
The only 100 percent secure way to hide any encryption key is to keep it off the phone, and even then you must make sure it’s transmitted securely and not cached anywhere. Every other alternative that we looked at had limitations, some more obvious than others. None of these alternatives would be HIPAA compliant. Ask yourself the question, “Would the security of my app be compromised if someone could read my code?” If the answer is yes, then the app is not HIPAA compliant.
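The off-device approach described above, as an added sketch that is not code from this chapter: the SQLCipher passphrase is requested over HTTPS at runtime, held only in a `char[]`, and wiped once the database is open. The endpoint URL, the class name, the bearer-token authentication, the database file name and the one-line response format are assumptions made for illustration; the `SQLiteDatabase` calls are those of the SQLCipher for Android library.

```java
import android.content.Context;
import net.sqlcipher.database.SQLiteDatabase;
import java.io.File;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.Reader;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.net.ssl.HttpsURLConnection;

public final class RemoteKeyDatabase {
    // Hypothetical endpoint: the server authenticates the user before releasing the key.
    private static final String KEY_URL = "https://keys.example.com/v1/dbkey";

    // Does network I/O, so call it from a background thread.
    public static SQLiteDatabase open(Context ctx, String sessionToken) throws IOException {
        SQLiteDatabase.loadLibs(ctx);
        char[] key = fetchKey(sessionToken);
        try {
            File dbFile = ctx.getDatabasePath("customers.db"); // assumed file name
            dbFile.getParentFile().mkdirs();
            return SQLiteDatabase.openOrCreateDatabase(dbFile.getPath(), key, null);
        } finally {
            Arrays.fill(key, '\0'); // never written to disk, prefs or logs; wipe after use
        }
    }

    // Assumes the response body is the passphrase as one line of UTF-8 text.
    private static char[] fetchKey(String sessionToken) throws IOException {
        HttpsURLConnection conn = (HttpsURLConnection) new URL(KEY_URL).openConnection();
        conn.setUseCaches(false); // keep the response out of any HTTP cache
        conn.setRequestProperty("Authorization", "Bearer " + sessionToken);
        char[] buf = new char[128];
        try {
            if (conn.getResponseCode() != 200) throw new IOException("key request refused");
            try (Reader r = new InputStreamReader(conn.getInputStream(), StandardCharsets.UTF_8)) {
                int n = 0, c;
                while (n < buf.length && (c = r.read()) != -1 && c != '\n') buf[n++] = (char) c;
                return Arrays.copyOf(buf, n);
            }
        } finally {
            Arrays.fill(buf, '\0'); // wipe the read buffer as well
            conn.disconnect();
        }
    }
}
```

Nothing in this class is a secret: reading the code reveals where the key is requested, not the key itself, which is the test the closing question applies.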