Claude destroyed all user data by adding unsafe auto-delete logic during SQLCipher encryption migration
Open 💬 0 comments Opened Jul 9, 2026 by mekler555
Summary: Claude Code permanently destroyed all user data while implementing SQLCipher database encryption for an Android app.
What happened:
- I asked Claude to add SQLCipher encryption to my Android app (Kotlin/Room/Hilt)
- Claude wrote DatabaseEncryptionHelper.ensureUsable() with a "Case 4": if the DB file could not be opened with the current key, it silently deleted the database file and all WAL/SHM files
- Claude introduced a key format bug in the first version (mismatch between SupportFactory and ATTACH DATABASE key format), which encrypted the existing DB with the wrong key
- When the fixed version ran: could not open the wrongly-encrypted file, Case 4 triggered, deleted the file permanently
- Room recreated a fresh empty database — all business data gone
Why this is a critical bug in Claude behavior:
Claude should NEVER write code that silently auto-deletes user data as a fallback. The correct behavior is to throw an error and stop. Claude did not warn about data loss risk, did not create a backup before migration, did not ask for confirmation before adding destructive logic.
Result: All data permanently lost. Checked Samsung Cloud, Google Backup, SmartSwitch — no backups existed. Data is unrecoverable.
Device: Samsung Galaxy S25+ (SM-S938B), Android 16
User impact: Business owner lost all client records and cannot remember appointments.