How to safely make confirmation by SMS in a mobile application?

V

vladimir percov2015-08-09 12:57:05

JavaScript

vladimir percov, 2015-08-09 12:57:05

If someone evil finds out the API address, it can cause material damage. Therefore, the question arose: how to safely make confirmation by SMS in a mobile application? There is an idea to send md5-hash, which is generated based on the phone number + "salt". It is easy to check on the server side, it seems safe, but Android applications, as I understand it, can decompile?! And then the "salt" will go into the wrong hands.

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

Z

zendor, 2019-01-24
@Verstatel3000

That's right, in splice , unlike slice , the number of elements to be removed is indicated.

E

evnuh, 2015-08-09
@evnuh

In fact, you need to use the OS's built-in encryption mechanisms. They can generate all sorts of keys and store them in the phone's memory so that no one can get it. Generate such a key, if it did not already exist, Transfer it via https to your server and then encrypt and decrypt all communications between the application and the server with this
PS key, if possible, refuse expensive SMS, use PUSH

I

IceJOKER, 2015-08-09
@IceJOKER

https://www.sinch.com/