Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others


0 votes
401 views
in Technique by (71.8m points)

android - Secure web service requests

I need to make requests to a web service via an Android application. The web service can be designed as needed.

It seems to me that no matter which approach I choose, someone who wants to hack it will just need to reverse engineer my Android application code (which isn't very hard) and could see exactly what I do, whether I encrypt the data, use a hardcoded password or any other solution for that matter.

Is there a solution which will be 100% secure?


1 Answer

0 votes
by (71.8m points)

There is no 100% secure; all you can do is make things harder for your attacker. Things you can consider:

  • Encryption - Passing your requests over encrypted channels will stop basic sniffing (this can be countered with MITM)

  • Obfuscation - Make your intent harder to understand when they do decompile your app

The second part to this is mitigation - the ability to notice when your app has been compromised and deal with it. A typical way of handling this is to assign a unique token to each client on first run then pass this as an argument on each call to your service.

This way if somebody decompiles your app and figures out how to call your service you can at least start monitoring where the abusive requests are coming from and also monitor for suspicious behaviour (i.e. multiple requests from the same key in a short period across different IP addresses). From there you can start blocking keys.
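The monitoring described in this answer, sketched server-side as an added example (not code from the original answer): a token is issued per install, and a token seen from too many distinct IP addresses inside a short window is blocked. The class name, the 300-second window, the threshold of 3 addresses and the sample traffic are all assumptions made for illustration.

```python
import secrets
from collections import defaultdict, deque

class TokenMonitor:
    """Server-side view of per-client tokens (window and threshold are assumed values)."""

    def __init__(self, window_s=300, max_ips=3):
        self.window_s = window_s          # look-back period in seconds
        self.max_ips = max_ips            # distinct IPs tolerated per token in the window
        self.recent = defaultdict(deque)  # token -> deque of (timestamp, ip)
        self.issued = set()
        self.blocked = set()

    def issue_token(self):
        """Called once per install, on the client's first run."""
        token = secrets.token_urlsafe(32)
        self.issued.add(token)
        return token

    def allow(self, token, ip, ts):
        """Decide whether to serve a request; block the token once it looks shared."""
        if token not in self.issued or token in self.blocked:
            return False
        events = self.recent[token]
        events.append((ts, ip))
        while events[0][0] <= ts - self.window_s:   # drop events older than the window
            events.popleft()
        if len({seen_ip for _, seen_ip in events}) > self.max_ips:
            self.blocked.add(token)
            return False
        return True

# Constructed sample traffic: (seconds, client label, source IP)
SAMPLE = [
    (0,    "phone-a", "198.51.100.7"),
    (20,   "phone-b", "192.0.2.10"),
    (30,   "phone-b", "203.0.113.5"),
    (45,   "phone-b", "203.0.113.77"),
    (60,   "phone-b", "198.51.100.200"),   # 4th distinct IP within 300 s
    (90,   "phone-b", "192.0.2.10"),       # token already blocked
    (4000, "phone-a", "203.0.113.9"),      # Wi-Fi to mobile, well outside the window
]

def replay(requests):
    """Issue one token per client label, then return the allow/deny decision per request."""
    monitor, tokens, decisions = TokenMonitor(), {}, []
    for ts, client, ip in requests:
        if client not in tokens:
            tokens[client] = monitor.issue_token()
        decisions.append((client, ip, monitor.allow(tokens[client], ip, ts)))
    return monitor, tokens, decisions
```

Legitimate clients change address too (Wi-Fi to mobile, carrier NAT), so the window and threshold need tuning against real traffic before blocking is enforced.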

