
Android: Secure connection with a database

I'm developing an Android app. When the user pushes a button, I want to add the unique identifier of the Android device and some other data to a database.

The problem is: how can I prevent other applications / websites etc. from putting data into my database?

I was thinking about an SSL connection, but other apps could also use an SSL connection to connect to my database. The next thing that came to mind was creating an extra field, using a salt, encrypting the unique id + other data + salt, and checking on the db server whether the encrypted information matches.

But in theory it is possible to reverse engineer an Android app, so 'they' could find my salt and also send the encrypted information to my db.

How can I make a PHP script that saves information into a db, and make it usable only by my own application?

If this data is per-device, then on first run create a "cookie", e.g. a long-enough random ID that you use in subsequent communication with the server. Also use SSL so no one can snoop on the traffic.

To generate a random string, use UUID.

You could use Settings.Secure.ANDROID_ID, but if someone reverses your protocol, they could create an app that piggybacks the exploit. Unlikely but doable.

OTOH, if the data is per user, then you need to create a login system.
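The per-device "cookie" from the answer above, sketched as an added example (not code from the original post): plain Java modelling both the client's first run and the server-side check. The class name, the in-memory map standing in for the database table, and the register/accept methods are assumptions made for illustration. The token identifies one install so its rows can be tracked or revoked; it does not prove the request came from the genuine app.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

// Added illustration: plain Java model of both sides, no Android or PHP APIs.
public class DeviceTokenDemo {

    // Server side (hypothetical table): device row id -> SHA-256 of its token,
    // so a leaked table does not hand out usable tokens.
    static final Map<Integer, byte[]> tokenHashes = new HashMap<>();
    static int nextId = 1;

    static byte[] sha256(String s) throws Exception {
        return MessageDigest.getInstance("SHA-256")
                .digest(s.getBytes(StandardCharsets.UTF_8));
    }

    // First run: the client sends its freshly generated token exactly once.
    static int register(String token) throws Exception {
        int id = nextId++;
        tokenHashes.put(id, sha256(token));
        return id;
    }

    // Every later request carries (id, token); unknown ids are rejected and
    // the hash comparison is constant-time.
    static boolean accept(int id, String token) throws Exception {
        byte[] stored = tokenHashes.get(id);
        return stored != null && MessageDigest.isEqual(stored, sha256(token));
    }

    public static void main(String[] args) throws Exception {
        // Client side, first run: UUID.randomUUID() draws from a
        // cryptographically strong generator (122 random bits).
        String token = UUID.randomUUID().toString();
        int id = register(token); // sent over SSL/TLS in the real app

        // The registered pair, a different random token, an unregistered id.
        System.out.println(accept(id, token));
        System.out.println(accept(id, UUID.randomUUID().toString()));
        System.out.println(accept(id + 1, token));
    }
}
```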

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. For any questions, please contact: yoyou2525@163.com.

 