Romain Pellerin

Reputation: 2470

Security between Android app and external database

After having read a lot of topics and questions on Stack Overflow about how to access external databases (MySQL) through an Android app, my question is: how to make sure that only MY app will be able to retrieve data from that DB? It's all about security.

In order to access that DB, I intend to make a little PHP file on my server that will be used as an interface between my app and my DB. But, if anybody can see the URL used, then he will also be able to interact with my DB. So, how can I prevent that?

Thank you.

Upvotes: 1

Views: 2526

Answers (2)

Michael

Reputation: 991

If your attacker is well motivated, then you can't restrict access to your database via your external API to only your app.

You can make it harder (for example by using a secret stored in your app which an attacker would have to extract; obfuscating your app; using Google's Play services; etc) and you can create deterrents (licencing that restricts use of your API), but fundamentally you need to be prepared for others to be able to send requests to your API that look like they came from your app.

What combination of methods is appropriate will depend on what the consequences of third-party access are for you.

Twitter is an interesting case study in using licencing to control third-party access to their API. There's nothing stopping someone from creating a client that pretends to be the official client, except the deterrent that if they get big enough for Twitter to notice, Twitter will come after them through legal channels.

Upvotes: 0

Mithrand1r

Reputation: 2353

First of all, I would recommend you to use the HTTPS transfer protocol; to be honest, even a self-signed certificate secured with a secret (having special signs, etc.) is good protection.

Then you create a web service on your server which validates this certificate (make sure you don't hard-code the certificate secret) and voilà.

EDIT

Assuming you are talking about Android, I will provide you with a keytool tutorial here. I also assume that you are aware that you have to create a custom HTTPS handler in order to put the certificate in the request; if you don't know how to do it, I can post it as soon as I get home (I have my project on my private computer). The part with server-side certificate validation is here.

Upvotes: 3
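The server side of the scheme in this answer, as an added example that is not the answerer's code: the questioner's PHP interface file refuses any request whose TLS client certificate was not verified and is not pinned to a fingerprint issued to the app, and only then queries MySQL through a prepared statement. It assumes Apache mod_ssl with `SSLVerifyClient require` and `SSLOptions +StdEnvVars +ExportCertData` (so `SSL_CLIENT_VERIFY` and `SSL_CLIENT_CERT` are set), a hypothetical `items` table and `api_reader` DB user, and placeholder fingerprint and password values supplied from outside the web root; as the other answer notes, a certificate and key shipped inside the APK can be extracted, so this limits callers to holders of that key rather than proving the caller is "your app".

```php
<?php
// Added example (not from the answer above). Endpoint that only serves callers
// presenting a client certificate that the TLS layer verified and that matches a
// pre-registered fingerprint. Apache mod_ssl env vars are assumed (see lead-in).
declare(strict_types=1);

// Fingerprints (lowercase hex, SHA-256) of client certificates issued to the app.
// Placeholder value: in practice load this list from a config file outside the web root.
const ALLOWED_CLIENT_FINGERPRINTS = [
    'PLACEHOLDER_SHA256_FINGERPRINT_OF_APP_CLIENT_CERT',
];

function deny(int $status, string $reason): void {
    http_response_code($status);
    header('Content-Type: application/json');
    echo json_encode(['error' => $reason]);
    exit;
}

// 1. mod_ssl must have verified the client certificate chain against the configured CA.
if (($_SERVER['SSL_CLIENT_VERIFY'] ?? '') !== 'SUCCESS' || empty($_SERVER['SSL_CLIENT_CERT'])) {
    deny(401, 'client certificate required');
}

// 2. Pin the presented certificate (PEM exported by mod_ssl) to the app's known certificates.
$cert = openssl_x509_read($_SERVER['SSL_CLIENT_CERT']);
if ($cert === false) {
    deny(400, 'unreadable client certificate');
}
$fingerprint = openssl_x509_fingerprint($cert, 'sha256');
$allowed = false;
foreach (ALLOWED_CLIENT_FINGERPRINTS as $known) {
    if (hash_equals($known, $fingerprint)) { $allowed = true; }   // constant-time compare
}
if (!$allowed) {
    deny(403, 'certificate not issued to this app');
}

// 3. Only now touch the database: secret from the environment, never hard-coded,
//    and every client-supplied value bound as a parameter of a prepared statement.
$dbPassword = getenv('DB_PASSWORD');
if ($dbPassword === false) {
    deny(500, 'server misconfigured');
}
$pdo = new PDO('mysql:host=localhost;dbname=appdb;charset=utf8mb4', 'api_reader', $dbPassword, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);
$stmt = $pdo->prepare('SELECT id, title FROM items WHERE owner_id = :owner LIMIT 100');
$stmt->execute([':owner' => (int)($_GET['owner'] ?? 0)]);
header('Content-Type: application/json');
echo json_encode($stmt->fetchAll(PDO::FETCH_ASSOC));
```

Rotating a leaked client certificate then means removing its fingerprint from the allowlist and issuing a new one to the app, without touching the database credentials.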
