Is it possible to get BundleID and Bundle name any compiled IOS app or android App?
Question
I am trying to secure my app for iOS and Android that I have built using PhoneGap. If anyone happens to break the app and get access to the Web Services URLs in the JS files, I would not want the Web Services to respond if they are called from a browser or from other app apart from mine.
The ways that I can think of are - 1. Using User Agents to check where the requests are from. - It needs to be from device (BUT THE USER AGENTS CAN BE SPOOFED) 2. Send the BundleID and Bundle Name to the WS for authentication. But my concern is if the app is broke can this information be accessed ? 3. Please recommend if there are other ways to protect the Web Services being used in, apart from the app it is intended to be used in.
Regards, CM
2 answers
solution1
0 2013-07-26 09:05:01
If you're concerned about security, use HTTPS.
Anything else can be easily spoofed from a computer.
solution2
0 2013-07-26 09:13:43
The bundle ID can be trivially extracted from iOS apps. An iOS .ipa is just a zip file with the .app inside it. The bundle ID can be found in the Info.plist file, as well as the code signing entitlements which can be read with the codesign tool.
You cannot really protect your web service from being used by non-app code. You could embed some kind of private key in the app and verify this on the server, but keys can always be extracted. It just depends on how much time you and potential attackers are willing to spend on the problem.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.