
Detecting http request from a mobile app

How can one detect that an HTTP request came from a mobile app?

One option might be adding an input parameter and sending it with the HTTP request, but anyone would be able to easily fool the Web service into thinking the request came from a mobile app.

You can try implementing SSL (we currently use mutual SSL in our apps). Another option would be to use existing Google Play Services to verify back-end calls from apps.

You can check request headers for the User-Agent, but even that can be manipulated.

In case your service provider can't provide you with SSL infrastructure, you can make a hash string that came from some information sent in the request. For example, you could create a hash from the request's body, the URL, the method, and maybe some user access token or API key.

If you know how that hash is created in the client, you can recreate it on the server side and compare it to the hash your mobile app sent. Given that only you, the developer, know how that hash was created, no one will be able to fool it.
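The request-hash check described in the answer above, as an added example that is not part of the original post. It uses HMAC-SHA256 keyed with the API key rather than a plain hash, and assumes a client-sent timestamp and a 300-second acceptance window; the function names, key and sample request are constructed for illustration.

```python
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 300  # assumption: how old or future-dated a request may be


def canonical_request(method: str, url: str, body: bytes, timestamp: int) -> bytes:
    """Length-prefix every field so that shifting bytes between fields
    (e.g. from the URL into the body) produces a different message."""
    parts = [method.upper().encode(), url.encode(), str(timestamp).encode(), body]
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)


def sign_request(api_key: bytes, method: str, url: str, body: bytes, timestamp: int) -> str:
    """Client side: HMAC-SHA256 over method, URL, timestamp and body."""
    msg = canonical_request(method, url, body, timestamp)
    return hmac.new(api_key, msg, hashlib.sha256).hexdigest()


def verify_request(api_key: bytes, method: str, url: str, body: bytes,
                   timestamp: int, signature: str, now=None) -> bool:
    """Server side: recreate the hash and compare it to the one sent."""
    now = int(time.time()) if now is None else now
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return False  # outside the acceptance window: treat as a replay
    expected = sign_request(api_key, method, url, body, timestamp)
    # Constant-time comparison; encoding first also tolerates non-ASCII input.
    return hmac.compare_digest(expected.encode(), signature.encode())


if __name__ == "__main__":
    key = b"constructed-demo-key"          # constructed sample key
    ts = 1_700_000_000                      # constructed sample timestamp
    body = b'{"item": 42}'
    sig = sign_request(key, "POST", "/api/v1/orders", body, ts)
    # Unmodified request inside the window is accepted.
    print(verify_request(key, "POST", "/api/v1/orders", body, ts, sig, now=ts + 10))
    # Same signature with a changed body is rejected.
    print(verify_request(key, "POST", "/api/v1/orders", b'{"item": 43}', ts, sig, now=ts + 10))
    # Same request replayed an hour later is rejected.
    print(verify_request(key, "POST", "/api/v1/orders", body, ts, sig, now=ts + 3600))
```

A key shipped inside the app can be recovered from the binary, so this check proves possession of the key rather than that the caller is the app.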
