ormlite-android is Storing the SQL query in the database in Plaintext format

[sankar-gp]

We are using ormlite-android in our Android Project, During PEN Testing we observed that ormlite-android storing SQL query in the plain text and we can able to read the SQL Query.

This issue will give an attacker better understating of underlying Database Structure.

Kindly let us know how to fix this issue.

[j256]

It was storing the SQL query? In a database somewhere? Where did you see it specifically?