Hey Brenda, let’s tackle your enterprise Android app requirements step by step—you’ve got two key goals here: stopping users from uninstalling the app, and keeping your SQLite database safe even if (somehow) the app does get uninstalled. Here’s how to make that happen with practical, enterprise-grade solutions:

1. Block App Uninstallation on Corporate Devices #

Since these are your company’s own devices, you’ve got a few robust options to lock the app down:

- Deploy as a System App #

Regular user apps can be uninstalled easily, but system apps (preloaded into the device’s system partition) can’t be removed by standard users. To do this:

1. Package your APK and push it to /system/app/ or /system/priv-app/ (priv-app has higher permissions) on rooted devices or via your custom ROM build.
2. Set the correct file permissions with chmod 644 /system/app/YourApp.apk to ensure the system recognizes it.
3. Reboot the device—your app will now appear as a preinstalled system app, unremovable by end users.

- Use Android Enterprise MDM (Mobile Device Management) #

If you’re managing a fleet of devices, MDM is the most scalable approach:

• Enroll devices into Android Enterprise Work Profile or Fully Managed Device mode.
• Configure your MDM policy to mark your app as a required/forced app—this will auto-install it and prevent users from uninstalling it via the launcher or settings.
• Most major MDM platforms have built-in options for this, no custom coding needed.

- Enable Device Owner Mode #

For individual devices or small fleets, you can set your app as the Device Owner to control uninstallation:

1. Use ADB to grant device owner rights to your app’s admin receiver:

   adb shell dpm set-device-owner com.your.enterprise.package/.YourDeviceAdminReceiver
   

2. In your app’s DeviceAdminReceiver subclass, use the DevicePolicyManager to block uninstallation:

   DevicePolicyManager dpm = (DevicePolicyManager) getSystemService(Context.DEVICE_POLICY_SERVICE);
   ComponentName adminComponent = new ComponentName(this, YourDeviceAdminReceiver.class);
   
   if (dpm.isAdminActive(adminComponent)) {
       // Block uninstall for your app package
       dpm.setUninstallBlocked(adminComponent, getPackageName(), true);
   }
   

   This will gray out the "Uninstall" button in Settings for your app.

2. Protect SQLite Database from Uninstallation Damage #

By default, SQLite databases are stored in your app’s private data directory (/data/data/com.your.package/databases/), which gets deleted when the app is uninstalled. To avoid this, move the database to a location that persists beyond app removal:

- Store the Database in External Storage (Securely) #

Save the database to a dedicated, non-app-specific folder on external storage. Just make sure to secure it:

1. Create a protected directory (e.g., /sdcard/CorpAppData/) and set strict file permissions so only your app can access it:

   File externalDir = new File(Environment.getExternalStorageDirectory(), "CorpAppData");
   if (!externalDir.exists()) {
       externalDir.mkdirs();
       // Restrict access to only the app's UID
       externalDir.setReadable(false, false);
       externalDir.setWritable(false, false);
       externalDir.setReadable(true, true);
       externalDir.setWritable(true, true);
   }
   

2. Open the database from this external location instead of the default private directory:

   File dbFile = new File(externalDir, "enterprise_db.db");
   SQLiteDatabase db = SQLiteDatabase.openOrCreateDatabase(dbFile, null);
   

   For Android 10+, use Scoped Storage and request the MANAGE_EXTERNAL_STORAGE permission (your MDM can grant this silently for enterprise devices).

- Encrypt the Database #

Even if the database file is accessible, encrypt it to prevent unauthorized access. Use SQLCipher (a drop-in replacement for SQLite) to encrypt the entire database with a strong key:

1. Add the SQLCipher dependency to your app’s build.gradle:

   implementation 'net.zetetic:android-database-sqlcipher:4.5.4'
   

2. Initialize the encrypted database:

   SQLiteDatabase db = SQLiteDatabase.openOrCreateDatabase(dbFile, "your_strong_encryption_key", null);
   

   This ensures that even if someone gains access to the file, they can’t read the data without the key.

- Store on System Partition (For System Apps) #

If you’ve deployed your app as a system app, save the database to /system/data/com.your.package/—this directory won’t be deleted when the app is uninstalled (though system apps rarely get uninstalled anyway). Just make sure the directory has write permissions for your app.

- Auto-Backup to a Secure Location #

Add an automated backup routine to save the database to a separate encrypted location (like a hidden folder on external storage) at regular intervals. This way, even if the main database file is lost, you can restore from backup.

Combining these strategies—locking the app via MDM/Device Owner and storing the database in a persistent, secure location—will ensure your enterprise app stays installed and your offline data remains safe.

内容的提问来源于stack exchange，提问作者Brenda