Answer the question
In order to leave comments, you need to log in
Data encryption when accessing the API
There is a mobile application that accesses a specific URL and receives data. What is the best way to organize data encryption so that no one except the application can receive and decrypt the data?
Use keys, but by decompiling the application, you can get the key and use it anywhere by an attacker.
How to be? What is the best approach to take?
Answer the question
In order to leave comments, you need to log in
For example, classically:
1. RSA for key exchange for symmetric encryption
2. Some symmetric algorithm for encrypting data with the received
key The symmetric encryption key is valid within the session
Should you clarify what you need it for?
If you protect the user and the transmitted data, then the usual https is enough. Well, in any case, VK thinks so, and their applications have enough users.
If you are trying to protect the API itself, then you can forget about Android right away. Absolutely everything is sorted out, and then restoring the full API structure becomes just a matter of time. In fact, I have yet to come across an Android program from which it would be impossible to extract the API structure.
Perhaps, by moving the API to the native part using the Android NDK, you can get something secure, but I have not seen such solutions yet. Even private APIs are written in plain Java + sometimes (rarely enough) they are processed from above by an obfuscator, which only slows down parsing.
as an option, for applications that have an account:
when installing the application, a key is generated and sent as the first request to the server. Thus, the client and server have symmetric keys, from another application there will be no way to access your data.
we had a platform for the distribution of mobile applications. We individually sewed a key into each purchased application, but it is difficult and I do not advise
or as suggested by RSA,
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question