psykhi

Reputation: 2981

Encryption between Android client and PHP server

I'm a total noobie when it comes to encryption and I think I'm seeing my problem all wrong, let me explain:

I want an Android application to contact a server to get items to display in an app. Then if the user interacts with this item, I want to send feedback to the server telling which item has been clicked on to save it in a database.

The first thing is that I don't want anyone to "intercept" this "feedback" over the network while sending them to the server. So I decided to use an https connection. But let's say the script I'm calling for feedback is https://mydomain.com/myscript.php (with a POST request). I don't want someone to reverse engineer my Android code and see that I'm calling this script to send feedback, because then he could use it for the same purpose.

So then I thought "Hey, let's just grab a key from the server to send it back when I have to send feedback to the server". But again, to get this key, I need to call a PHP script, and if someone could call this script and get the key, he could then send feedback as he wants.

It seems to me like there is no end to this. And I know there is one :D I think I am looking at this the complete wrong way. Do you have some guidelines to follow to do so?

Thanks!

Upvotes: 3

Views: 1902

Answers (1)

Brian Attwell

Reputation: 9299

Don't trust clients

You cannot extend trust to client software. There is a good quote in "Building Secure Software: How to Avoid Security Problems the Right Way" by Viega and McGraw.

People commonly hide secrets in client code, assuming those secrets will be safe. The problem with putting secrets in client code is that talented end users will be able to abuse the client and steal all its secrets. Instead of making assumptions that need to hold true, you should be reluctant to extend trust. Servers should be designed not to trust clients, and vice versa, since both clients and servers get hacked. A reluctance to trust can help with compartmentalization.

A solution

You can't trust client software. But you can sometimes trust individual users. And you can remove spam. Things to consider:

  1. Detect spammy posts by using a spam classifier. This will take a bit of time.
  2. You can rate limit POSTs from a single IP address.
  3. You can require users to be logged into your app in order to write feedback. And then rate limit feedback from a specific account.
  4. Better yet, you could require people to first authenticate themselves with Google+ or Facebook's servers (i.e., your app requests the user to authenticate their Google credentials. This should be pretty painless for them, since 95% of Android users have Google credentials.) before posting. Then rate limit each account. Most bots won't have access to many/any fake Facebook/Google+ accounts, since you have to break captchas in order to register. This should make it very difficult for bots to post.

Large companies use a combination of 4, 3 and 1. The Google Play store used to try and detect all spam reviews and delete them. But now they use #4 as well. You can't post reviews on the Google Play store without being logged in anymore!

Edit: this may also be useful http://android-developers.blogspot.ca/2013/01/verifying-back-end-calls-from-android.html?m=1

Upvotes: 4
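Points 2 and 3 of the answer, as an added example that is not part of the original post: a server-side PHP feedback handler that refuses anonymous POSTs and applies a fixed-window rate limit per client IP and per account. The class and function names, the limits and the sample IP/account are constructed for the illustration; the in-memory store would be replaced by APCu, Redis or a database table in a real deployment.

```php
<?php
// Added example, not from the question or answer. Storage is an in-memory
// array so the script runs stand-alone; real PHP workers need a shared store.
declare(strict_types=1);

final class FixedWindowLimiter
{
    private array $windows = []; // key => ['start' => int, 'count' => int]

    public function __construct(private int $limit, private int $windowSeconds) {}

    /** True if the request identified by $key is still within its quota. */
    public function allow(string $key, int $now): bool
    {
        $w = $this->windows[$key] ?? null;
        if ($w === null || $now - $w['start'] >= $this->windowSeconds) {
            $this->windows[$key] = ['start' => $now, 'count' => 1]; // new window
            return true;
        }
        if ($w['count'] >= $this->limit) {
            return false; // quota exhausted until the window rolls over
        }
        $this->windows[$key]['count']++;
        return true;
    }
}

// One feedback POST. $accountId comes from the server-side session (null when
// not logged in), $clientIp from $_SERVER['REMOTE_ADDR']. Returns an HTTP status.
function handleFeedback(FixedWindowLimiter $ipLimiter, FixedWindowLimiter $acctLimiter,
                        string $clientIp, ?string $accountId, int $now): int
{
    if ($accountId === null) {
        return 401; // point 3: feedback requires a logged-in user
    }
    if (!$ipLimiter->allow('ip:' . $clientIp, $now)) {
        return 429; // point 2: too many POSTs from this address
    }
    if (!$acctLimiter->allow('acct:' . $accountId, $now)) {
        return 429; // point 3: too many posts from this account
    }
    // store (item_id, account_id) in the database here
    return 204;
}

// Constructed demo: 30 posts/minute per IP, 5 posts/minute per account.
$ipLimiter = new FixedWindowLimiter(30, 60);
$acctLimiter = new FixedWindowLimiter(5, 60);
$now = time();
for ($i = 0; $i < 7; $i++) {
    echo handleFeedback($ipLimiter, $acctLimiter, '203.0.113.7', 'user42', $now), PHP_EOL;
}
```

The account limit trips before the IP limit here, which is the intended ordering: an attacker rotating IPs still cannot exceed the per-account quota, and an attacker with many accounts is still bounded per address.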
