There are a number of reasons.
- Security- If the user has direct access, they can get anything from your database. Plus they will have a password into your database. As a result, if the SQL server you are using has a flaw, then they can exploit it. Also, if your permissions are set up wrong, they could wipe your database.
- Speed- If the users frequently use large queries, then it can bog down your system quickly and needlessly. If you go through a web interface, you can throttle it.
- Accessibility- Web queries are supported by almost everything. It requires special clients to access SQL databases directly.
But if you trust your users completely and have the right libraries/drivers, then you could allow direct querying, and it might even be a bit quicker.
He who fights the dragon too long becomes the dragon himself; gaze too long into the abyss, and the abyss will gaze back…
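Added example, not part of the original answer: a minimal sketch of the mediating layer the security and speed points describe, where clients name an allow-listed query instead of sending SQL, values are bound as parameters, and each client is throttled. The `orders` table, the query name, the rate limits and the use of in-memory SQLite in place of a real SQL server are all assumptions made for illustration.

```python
import sqlite3
import time

def make_db():
    # Constructed sample data; the table and its rows are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, total REAL)")
    db.executemany("INSERT INTO orders (customer, total) VALUES (?, ?)",
                   [("alice", 10.0), ("alice", 25.5), ("bob", 7.0)])
    db.commit()
    return db

# The only statements a client can trigger; the client never supplies SQL text.
ALLOWED_QUERIES = {
    "orders_for_customer":
        "SELECT id, total FROM orders WHERE customer = ? ORDER BY id LIMIT ?",
}
MAX_ROWS = 100  # hard cap so one request cannot pull the whole table

class Gateway:
    """Stands where the web tier would: between clients and the database."""

    def __init__(self, db, rate=2, per_seconds=1.0, clock=time.monotonic):
        self.db, self.rate, self.per, self.clock = db, rate, per_seconds, clock
        self.buckets = {}  # client id -> (tokens left, time of last update)

    def _allow(self, client):
        # Token bucket: refill in proportion to elapsed time, spend one per request.
        now = self.clock()
        tokens, last = self.buckets.get(client, (self.rate, now))
        tokens = min(self.rate, tokens + (now - last) * self.rate / self.per)
        allowed = tokens >= 1
        self.buckets[client] = (tokens - 1 if allowed else tokens, now)
        return allowed

    def query(self, client, name, args, limit=MAX_ROWS):
        if not self._allow(client):
            return {"status": 429, "rows": []}   # throttled
        sql = ALLOWED_QUERIES.get(name)
        if sql is None:
            return {"status": 400, "rows": []}   # not on the allow-list
        try:
            limit = max(1, min(int(limit), MAX_ROWS))
            rows = self.db.execute(sql, (*args, limit)).fetchall()
        except (ValueError, sqlite3.Error):
            return {"status": 400, "rows": []}   # bad limit or wrong arguments
        return {"status": 200, "rows": rows}
```

In a deployment the database account used by this layer would itself hold only the privileges the allow-listed statements need, so a mistake in the gateway does not become full database access.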