Reputation: 10342
Security between Android and PHP webservice
I have an Android application and an in-app purchase.
I want to post the user_id s of the ones that purchase it to my remote database via a php file.
I know some clever users can listen to the network and see the address of my php service. They may even find out what variables I am sending. I know how to encrypt user_id of course. I can do it either with RSA or AES. But I need to keep public key for RSA in the app.
Here is my question: A more clever attacker can easily get the public key and encrypt his user id and post to my web service. How do I prevent this scenario?
Upvotes: 0
Views: 457
Answers (1)
Reputation: 10342
I have solved my problem. What i need is to do signature verification on the server side. I just need to send the signature and the signed data to my server. No one can trick these data. They are coming directly from google. Once the signature verification is complete I just added the user to my mysql table.
Upvotes: 2
Related Questions
- Securing webservices of PHP
- Android and PHP server: encrypt and decrypt data
- Send RSA Public Key in Java to PHP server
- securing a REST API accessible from Android
- How to send data form php server to android
- Encryption between Android client and PHP server
- How to secure Android-php connection?
- Securing connection to php server without SSL
- RSA between php server side & java (Android) client .
- What's the best way to secure data between an PHP webservice and a Android/Java application