A
A
Askar Syzdykov2014-04-22 18:57:35
Android
Askar Syzdykov, 2014-04-22 18:57:35

How to register a mobile application on the server?

There is a server with an API, in order to get it, the mobile application (Android) must identify itself.
The user will not enter a login/password. As far as I know, it is dangerous to store a secret key on the device, because. an attacker will be able to get it by unpacking the apk file. Question - how to organize the authorization / registration of the device on the server as a trusted client?

Answer the question

In order to leave comments, you need to log in

2 answer(s)
F
FanKiLL, 2014-04-22
@FanKiLL

Can you elaborate?
Identify yourself on behalf of the user or as a trusted client to restrict access to the api only to the client you wrote?

M
mukhinkv, 2014-04-23
@mukhinkv

You can use UUID with binding to device components. Let's say we take the serial number of the display, SIM card, etc. and using them we generate a UUID, which is entered into the database on the server and used when authorizing the client. Of course, we only show this UUID to the client - we don’t let it change. In this case, when reinstalling the mobile application, the UUID will remain the same.
You can generate a UUID when you first launch the mobile application. Then, if the application is reinstalled, the UUID will be recreated and will be guaranteed to be different.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question