How to register a mobile application on the server?

A

Askar Syzdykov2014-04-22 18:57:35

Android

Askar Syzdykov, 2014-04-22 18:57:35

There is a server with an API, in order to get it, the mobile application (Android) must identify itself.
The user will not enter a login/password. As far as I know, it is dangerous to store a secret key on the device, because. an attacker will be able to get it by unpacking the apk file. Question - how to organize the authorization / registration of the device on the server as a trusted client?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

F

FanKiLL, 2014-04-22
@FanKiLL

Can you elaborate?
Identify yourself on behalf of the user or as a trusted client to restrict access to the api only to the client you wrote?

M

mukhinkv, 2014-04-23
@mukhinkv

You can use UUID with binding to device components. Let's say we take the serial number of the display, SIM card, etc. and using them we generate a UUID, which is entered into the database on the server and used when authorizing the client. Of course, we only show this UUID to the client - we don’t let it change. In this case, when reinstalling the mobile application, the UUID will remain the same.
You can generate a UUID when you first launch the mobile application. Then, if the application is reinstalled, the UUID will be recreated and will be guaranteed to be different.