Protect information in Android

Published 2019-07-29 04:29

Question:

Problem Description

I am writing an application for Android. The application must do the following:

  1. Connect to the server using the following URL:

    http://www.example.com/database.xml?username=xxx&password=xxx

    I must keep the username and password on the phone, and this username and password are the same for all users. For example, if 1.000.000 people have my application, they all connect to the server using the same URL, the same username and password.

  2. Download the database.xml file from the URL and save the data in the SQLite database.


Issues

  1. How can I use the URL in my application so that users who have access to my code can't learn from the code which URL I use, and also keep my password and username secure? Or even just keep the whole URL http://www.example.com/database.xml?username=xxx&password=xxx secure, as it is the same for all users.

  2. How can I protect my SQLite database? For example, if somebody has root access on the phone, he can get the database, open it and get all the information which I keep there.

I need to protect my data.

Answer 1:

I think you should go for ProGuard. I know it's very hard to prevent reverse engineering. The following are some posts which give some knowledge about this.

  • How to avoid reverse engineering of an APK file?
  • Is it really impossible to protect Android apps from reverse engineering?

Protecting Your Android Applications is an article which describes necessary information about ProGuard.

Read the FAQ to know more.

To protect database, use SQLCipher.



Answer 2:

  1. Use HttpRequest APIs to get the data instead of using a browser intent.
  2. In your case I don't see any perfect protection engineering. Anyone with primary reverse engineering knowledge can get the data from your code.
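
The point made in the answers can be checked against your own build before release. The following is an added example, not part of the original thread: a Python script that unpacks an APK and flags string literals that are URLs carrying credential parameters, which ProGuard's identifier renaming leaves in place. The sample APK bytes, the parameter-name list and all function names are constructed for the illustration.

```python
import io
import re
import zipfile
from urllib.parse import parse_qsl, urlsplit

# Parameter names treated as credentials (assumed list; extend for your app).
SECRET_PARAMS = {"username", "user", "password", "passwd", "pwd", "token", "api_key"}
# Printable-ASCII runs starting with http(s)://, as `strings` would surface them.
URL_RE = re.compile(rb"https?://[\x21-\x7e]{4,}")


def find_credential_urls(blob: bytes) -> list:
    """Flag URLs in raw bytes whose query string carries credential parameters."""
    findings = []
    for match in URL_RE.finditer(blob):
        try:
            parts = urlsplit(match.group().decode("ascii"))
        except ValueError:  # malformed authority, e.g. an unbalanced '['
            continue
        names = {k.lower() for k, _ in parse_qsl(parts.query, keep_blank_values=True)}
        leaked = sorted(names & SECRET_PARAMS)
        if leaked:  # report parameter names only, never the secret values
            findings.append({"url": f"{parts.scheme}://{parts.netloc}{parts.path}",
                             "params": leaked, "cleartext": parts.scheme == "http"})
    return findings


def scan_apk(apk_bytes: bytes) -> dict:
    """Scan every member of an APK (a ZIP archive); map member name -> findings."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        scanned = {name: find_credential_urls(apk.read(name)) for name in apk.namelist()}
    return {name: hits for name, hits in scanned.items() if hits}


def build_sample_apk() -> bytes:
    """Constructed stand-in for a release APK: not a valid DEX, just bytes with a literal."""
    dex = (b"dex\n035\x00" + b"\x00" * 16 + b"La/a/b;\x00"  # short renamed class name
           + b"http://www.example.com/database.xml?username=xxx&password=xxx\x00")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as apk:
        apk.writestr("classes.dex", dex)
        apk.writestr("res/raw/about.txt", b"See https://www.example.com/help?lang=en")
    return buf.getvalue()


if __name__ == "__main__":
    for member, hits in scan_apk(build_sample_apk()).items():
        print(member, hits)
```

A finding in `classes.dex` means the shared credential ships to every device in readable form; the `cleartext` flag additionally marks URLs that would send it over plain HTTP.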