Reputation: 4620
In the end I knew that nothing will be there to help me other than the expert advice of the SO community.
I have seen some other questions asked here on Stack Overflow about this same thing, but nothing made it clear to me. I have an Android app which is obtaining a registration ID from the GCM server, then I want to make some further progress in the development process. However, when I came across the security factor, I came to know that my problem is similar to this
Now, the problem is I want to verify that every time somebody is making requests on my server, I must be able to know that it is coming from my application. I also read about using SSL and OAuth from other resources on the internet, but I have not used them before and I am a complete newbie. I want to integrate it in my Android devices. If there are some other alternatives, please suggest them.
The fact that my .apk can be easily decompiled is not letting me do anything. My SENDER_ID can easily be retrieved, and I will not be able to use some hashing functionality as it can be cracked. Whatever way I think of to make life harder for the attacker, I reach the conclusion that nothing is there to stop him/her.
Some links and examples to implement the functionality may help. Thank you.
Upvotes: 0
Views: 153
Reputation: 937
Use HTTPS for server communication and use verifying back end calls from Android.
You use the GoogleAuthUtil class, available through Google Play services, to retrieve a string called an “ID Token”. You send the token to your back end and your back end can use it to quickly and cheaply verify which app sent it and who was using the app.
Upvotes: 2
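The back-end half of the ID token check described in the answer above, as an added example that is not part of the original post: it verifies the token's RS256 signature, then the claims that say which app requested the token (`azp`), which back end it was issued for (`aud`), who issued it (`iss`) and whether it is still valid (`exp`). The client IDs are hypothetical placeholders, and `keys` is assumed to hold Google's published signing keys as `(n, e)` pairs indexed by `kid`, fetched and cached by the caller; a production back end would normally leave the signature step to a maintained JWT library.

```python
import base64, hashlib, hmac, json, time

# Hypothetical client IDs: one registered for the back end, one for the Android app.
SERVER_CLIENT_ID = "backend-example.apps.googleusercontent.com"
ANDROID_CLIENT_IDS = {"android-example.apps.googleusercontent.com"}
ISSUERS = {"accounts.google.com", "https://accounts.google.com"}
# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url(data: str) -> bytes:
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))

def rs256_ok(signed: bytes, sig: bytes, n: int, e: int) -> bool:
    """RSASSA-PKCS1-v1_5: rebuild the expected padded block and compare it whole."""
    k = (n.bit_length() + 7) // 8
    if len(sig) != k or int.from_bytes(sig, "big") >= n:
        return False
    t = SHA256_PREFIX + hashlib.sha256(signed).digest()
    expected = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
    actual = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    return hmac.compare_digest(actual, expected)

def verify_id_token(token: str, keys: dict, now: float = None) -> dict:
    """Return the claims if the token is valid for this back end, else raise ValueError.
    keys maps a key id (kid) to an RSA public key (n, e)."""
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(b64url(head)), json.loads(b64url(body))
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise TypeError("header and payload must be JSON objects")
        raw_sig = b64url(sig)
    except Exception:
        raise ValueError("malformed token") from None
    if header.get("alg") != "RS256":  # rejects "none" and HMAC algorithms outright
        raise ValueError("unexpected alg")
    kid = header.get("kid")
    key = keys.get(kid) if isinstance(kid, str) else None
    if key is None or not rs256_ok(f"{head}.{body}".encode(), raw_sig, *key):
        raise ValueError("bad signature")
    if claims.get("iss") not in ISSUERS:
        raise ValueError("wrong issuer")
    if claims.get("aud") != SERVER_CLIENT_ID:  # token was issued for this back end
        raise ValueError("wrong audience")
    if claims.get("azp") not in ANDROID_CLIENT_IDS:  # requested by our Android client
        raise ValueError("unknown app")
    exp = claims.get("exp")
    now = time.time() if now is None else now
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("expired")
    return claims  # claims["sub"] identifies the Google account using the app
```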