Reputation: 981
I am developing an Android hybrid app.
The client side is written in JavaScript and HTML, and the device is listening on 50001 using AsyncHttpServer
from https://github.com/koush/AndroidAsync
The HTTP server implements /doSomething
- How do I prevent external apps (including the device browser) from calling http://localhost:50001/doSomething?
The hybrid app should be the only one able to call this method.
Upvotes: 0
Views: 70
Reputation: 93542
You can't. You can only make it more difficult.
One way of making it more difficult is to embed a key value in the app, and require the app to pass that value to the service. Then only apps that know the value can do that. Of course, if you do this, it's trivial to decompile your app and find the value to spoof you.
To be more secure, you can implement authentication: encrypt the channel via SSL and have the user log in via a password. This will make it so that only an authorized user can use your service, but it wouldn't stop an authorized user from using another app to call that URL.
Upvotes: 1
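The key-value check described in the answer above, as an added example that is not code from the post or from AndroidAsync. `LocalRequestGate`, the `X-App-Token` header name and `newRandomKey` are hypothetical names, and calling `isAllowed` from the `/doSomething` handler is left to the app; the per-launch random key is a variation that goes beyond the answer's embedded value.

```java
import java.math.BigInteger;
import java.net.InetAddress;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;

/** Hypothetical gate the /doSomething handler consults before doing any work. */
public final class LocalRequestGate {
    /** Hypothetical header the hybrid app's JavaScript sends with every call. */
    public static final String TOKEN_HEADER = "X-App-Token";

    private final byte[] expected;

    /** keyValue is the value only the hybrid app is supposed to know. */
    public LocalRequestGate(String keyValue) {
        this.expected = keyValue.getBytes(StandardCharsets.UTF_8);
    }

    /** Variation: a fresh 256-bit value per app start, so no fixed key sits in the APK. */
    public static String newRandomKey() {
        return new BigInteger(256, new SecureRandom()).toString(16);
    }

    /** True only for a loopback caller that presents the expected value. */
    public boolean isAllowed(InetAddress remote, String presented) {
        // Rejects callers from other hosts; other apps on the same device
        // also arrive over loopback, so the key check below still matters.
        if (remote == null || !remote.isLoopbackAddress()) {
            return false;
        }
        if (presented == null) {
            return false; // header missing
        }
        // MessageDigest.isEqual compares without returning at the first mismatching byte.
        return MessageDigest.isEqual(expected, presented.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        String key = newRandomKey();
        LocalRequestGate gate = new LocalRequestGate(key);
        InetAddress loopback = InetAddress.getByName("127.0.0.1");
        InetAddress lan = InetAddress.getByName("192.168.1.20"); // constructed sample address

        System.out.println("app, correct key:     " + gate.isAllowed(loopback, key));
        System.out.println("other app, no header: " + gate.isAllowed(loopback, null));
        System.out.println("other app, wrong key: " + gate.isAllowed(loopback, "guess"));
        System.out.println("remote host, key:     " + gate.isAllowed(lan, key));
    }
}
```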