I want my web server to accept requests that originate only from my mobile app.
Since mobile apps are client apps that means that users can have the binary and decompile it or use a tool like Fiddler to interpret the API calls and reconstruct them (ex: in a console app).
So what I want is a way of generating a key that is bound to my app and the user's device.
The app is deployed in Windows Phone7, iPhone and Android. A cross platform solution would be ideal but something that works only in one platform is also more than acceptable.
Thanks!
Considering that you are deploying an application to a client, the actual answer here is 'not possible'. You can make it difficult for someone to fake an 'official id', but because you do not have control over the system that is making the requests, it could be your application or anything else pretending to be your application.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With