How to secure mobile app communication with api?

A

Andrew2014-03-28 15:27:05

Android

Andrew, 2014-03-28 15:27:05

Greetings!
We make a game. It is planned to save the state of the passage on the server.
As a user ID, his Google account is used.
The question of user verification arose - how to understand that the request came from the user whose account is specified?
Sewing the key into the application is not an option, since everything is perfectly decompiled and the key is obtained.
I would not want to burden the user with inventing and entering a password.
What to do?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

A

Andrey, 2014-04-02
@Krost

I decided.
The complexity of the situation was that the game is being written on AS3 (Air). I had to write Native Extension in Java (with which I am not particularly friendly).
In general, GoogleAuthUtil did not fit in my case, I spent a couple of days studying it, but I still couldn’t really figure it out.
Found getting a token in AccountManager. On the event, we send the token to air, which sends it to the server.
If you never know who needs it, I can send ANE Java sources.

@

@ntkt, 2014-03-28
_

The task looks like a completely similar task "to authenticate a user on your server site through a foreign authentication provider with OAuth 2.0".
developer.android.com/google/play-services/auth.html