How to be protected at communication of the client with the server on http?

P

p4p2016-05-25 23:41:33

Android

p4p, 2016-05-25 23:41:33

I have an android application to which I want to tie a little communication with the server. I wrote a php layer to write and retrieve data from the database. But I want to be able to reach the server only from this application, how can I do it? Of course, I can use the secret code, but the application is not protected from reverse engineering, that is, by looking at the code, they will be able to understand how to get to know the server. How to be?

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

A

Alexey, 2016-05-26
@alsopub

If we proceed from the assumption that the application can be completely decompiled, then any of your algorithms can be completely restored. All you can do is make it harder to recover the algorithm. Passwords, certificates, https, asymmetric encryption, storing the key received from the server in the file system, etc.
If we assume that the application is sufficiently obfuscated and cannot be restored (within a reasonable time), then it is enough to use https, you can certificate pinning to prevent protocol reverse via mitm.
All deep IMHO.
Well, as a very extreme case - generating a level on the server, transferring all button presses to the server, checking the passage on the server by analyzing button presses.

#

#algooptimize #bottize, 2016-05-25
@user004

What is the data, if not a secret?

R

Rou1997, 2016-05-26
@Rou1997

How to be?

It is necessary to proceed from profitability, for yourself and for crackers, as they said above, any protection "breaks", the difference is only in the effort and time applied, and this is already a matter of budget, you need to make sure that the work of a cracker costs so much that it is not paid, at the same time, your protection work has not cost you too much either.

S

spotifi, 2016-05-26
@spotifi

individual keys.