Mind Hunter

Reputation: 13

How to restrict access to images on server, except via mobile devices?

I am building a simple Android app for viewing images located in public_html/preciousImages, which is a password-protected folder on a hosted server.

I understand that I'll need to use HTTP authentication for providing user/pass (Android HTTP Authentication); however, these credentials, when embedded in code, can be easily hacked using debugging apps like Charles, and then used to leech/hot-link the images.

So I want to implement another layer of security and am looking for a way to allow access to the images only from mobile devices (Android for now; iOS and Android in the future).

Is this the right line of thinking? Or is there a better way to do it (server settings, PHP, anything...)? I am not worried about compromising a small number of images (downloading one-by-one on a mobile device) but would really like to avoid them being leeched en masse.

Thanks in advance.

Upvotes: 1

Views: 111

Answers (2)

Varun Vishnoi

Reputation: 990

You can generate the request for the images in the POST body and set a custom header for it, like:

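import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.StringEntity;

// url and jObj (the JSON request object) are defined elsewhere in the app
HttpPost httpPost = new HttpPost(url);
// Send the JSON request in the POST body
StringEntity se = new StringEntity(jObj.toString());
httpPost.setEntity(se);
// Custom header marking the request as coming from the app
httpPost.setHeader("IsFromApp", "true");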

Here httpPost.setHeader("IsFromApp", "true"); may differentiate the request from others. On the server side we can check the header: if IsFromApp is true, then the request is from a mobile device or Android device. You can customize that accordingly.

Happy Coding

Upvotes: 2

Sush

Reputation: 3874

Go for public key, private encryption using HMAC SHA1. Android has native libraries for it.

Check this QnA

Upvotes: 0
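
The HMAC-SHA1 request signing mentioned in the answer above, as an added example that is not part of the original answer: the client signs the image path plus a timestamp, and the server recomputes the tag, rejecting stale or mismatched requests. The class name, key, file names, message layout and 300-second window are assumptions made for illustration; a key shipped inside the app can still be extracted, so this check limits replay and tampering of a captured request rather than hiding the secret.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class SignedImageRequest {
    // Assumed freshness window: requests older or newer than this are rejected.
    static final long MAX_SKEW_SECONDS = 300;

    // Client and server both compute HMAC-SHA1 over "path\ntimestamp", hex-encoded.
    static String sign(byte[] key, String path, long ts) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(key, "HmacSHA1"));
        byte[] tag = mac.doFinal((path + "\n" + ts).getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : tag) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    // Server side: reject stale timestamps first, then compare tags in constant time.
    static boolean verify(byte[] key, String path, long ts, String sig, long now)
            throws Exception {
        if (Math.abs(now - ts) > MAX_SKEW_SECONDS) return false;
        byte[] expected = sign(key, path, ts).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, sig.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        // All values below are constructed sample data, not from the original page.
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8);
        String path = "/preciousImages/cat.jpg";
        long now = 1700000000L;
        String sig = sign(key, path, now);

        // Fresh request for the signed path.
        System.out.println("valid request:    " + verify(key, path, now, sig, now));
        // Same signature reused for a different image.
        System.out.println("other image:      " + verify(key, "/preciousImages/dog.jpg", now, sig, now));
        // Same request replayed an hour later.
        System.out.println("replayed request: " + verify(key, path, now, sig, now + 3600));
    }
}
```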
