Check if http request comes from my android app

by

One of basic rules of security is: you don’t trust client data. Ever.

You should consider your app decompiled, all “secret” keys known to attacker, etc.

You can, however, hinder attacker’s attempts to forge your requests. Sending (and verifying) checksum of your request is one of methods (your idea of MD5(secret_key + params)).

You could also switch to a binary encrypted protocol. But this requires MUCH more work and quite a different architecture of server.

More Related Contents:

  1. encrypt and decrypt md5
  2. Laravel 5.1, Return response to user, then excute some code [closed]
  3. I keep getting these kind of errors in terms of HttpUrlConnection and BackGroundTask in android
  4. How to convert the json image url string into Bitmap image to display images in android application
  5. How can I secure my source code [closed]
  6. Are PDO prepared statements sufficient to prevent SQL injection?
  7. Why would one omit the close tag?
  8. Reference: What is a perfect code sample using the MySQL extension? [closed]
  9. The ultimate clean/secure function
  10. GCM with PHP (Google Cloud Messaging)
  11. Exploitable PHP functions
  12. Preventing Directory Traversal in PHP but allowing paths
  13. What is the best way to stop people hacking the PHP-based highscore table of a Flash game
  14. preventing csrf in php
  15. Generating cryptographically secure tokens
  16. Which $_SERVER variables are safe?
  17. What do I need to store in the php session when user logged in?
  18. PHP setcookie “SameSite=Strict”?
  19. Magic quotes in PHP
  20. Google GCM server returns Unauthorized Error 401
  21. C2DM implementation PHP code
  22. How do you set up use HttpOnly cookies in PHP
  23. Fastest hash for non-cryptographic uses?
  24. Best way to avoid code injection in PHP
  25. Detect if Android app has been installed on the device using a mobile web page – PHP and JS
  26. Using PHP/Apache to restrict access to static files (html, css, img, etc)
  27. Is it secure to store a password in a session? [duplicate]
  28. pass arraylist bean from android to webservice php
  29. Secure and Flexible Cross-Domain Sessions
  30. Can a client view server-side PHP source code?

Leave a Comment