Secure web service requests

I need to make requests to a web service via an Android application. The web service can be designed as needed.

It seems to me that no matter which approach I choose, someone who wants to hack it will just need to reverse engineer my Android application code (which isn't very hard) and could see exactly what I do, whether I encrypt the data, use a hardcoded password or any other solution for that matter.

Is there a solution which will be 100% secure?

Udi Idan asked Dec 19 '11 22:12



1 Answer

There is no such thing as 100% secure; all you can do is make things harder for your attacker. Things you can consider:

  • Encryption - Passing your requests over encrypted channels will stop basic sniffing (this can be countered with MITM)

  • Obfuscation - Make your intent harder to understand when they do decompile your app

The second part to this is mitigation - the ability to notice when your app has been compromised and deal with it. A typical way of handling this is to assign a unique token to each client on first run, then pass this as an argument on each call to your service.

This way, if somebody decompiles your app and figures out how to call your service, you can at least start monitoring where the abusive requests are coming from and also monitor for suspicious behaviour (i.e. multiple requests from the same key in a short period across different IP addresses). From there you can start blocking keys.

Wolfwyrd answered Oct 30 '22 04:10
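The server-side half of the scheme the answer describes (per-client token issued on first run, every call checked against it, and a token blocked once it shows up from too many addresses in a short window), written here as an added example; it is not code from the answer or from any project, and the thresholds, the log format and the `ClientTokenMonitor` / `replay_log` names are assumptions made for illustration. The Android client side (storing the token after first run and sending it with each request) is not shown.

```python
"""Per-client token issuance and abuse monitoring for a web service.

Added example (not from the original answer). Thresholds are illustrative.
"""
import secrets
from collections import defaultdict, deque


class ClientTokenMonitor:
    """Issues one token per client and watches how each token is used.

    A token is blocked when, within `window` seconds, it is seen from more
    than `max_ips` distinct source addresses or makes more than
    `max_requests` calls. Once blocked, every later request is rejected.
    """

    def __init__(self, window=60, max_ips=3, max_requests=30):
        self.window = window
        self.max_ips = max_ips
        self.max_requests = max_requests
        self.issued = set()
        self.blocked = set()
        self._recent = defaultdict(deque)  # token -> deque of (ts, ip)

    def issue_token(self, token=None):
        """Called once on the client's first run; the client keeps the token.

        The optional `token` argument exists only so the constructed sample
        below can use readable names; real clients get a random value.
        """
        token = token or secrets.token_urlsafe(32)
        self.issued.add(token)
        return token

    def check_request(self, token, ip, ts):
        """Return 'ok', 'blocked' (token blocked by this call) or 'rejected'."""
        if token not in self.issued or token in self.blocked:
            return "rejected"
        events = self._recent[token]
        events.append((ts, ip))
        # Keep only events inside the sliding window
        while events and ts - events[0][0] > self.window:
            events.popleft()
        distinct_ips = {addr for _, addr in events}
        if len(distinct_ips) > self.max_ips or len(events) > self.max_requests:
            self.blocked.add(token)
            return "blocked"
        return "ok"


def replay_log(lines, monitor):
    """Feed log lines of the form 'timestamp token source_ip' through the monitor.

    Returns a dict mapping each token to the list of outcomes, in order.
    """
    outcomes = defaultdict(list)
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, token, ip = line.split()
        outcomes[token].append(monitor.check_request(token, ip, float(ts)))
    return dict(outcomes)


def sample_log(monitor):
    """Constructed sample traffic (not real data).

    One client polls normally from a single address; a second client's token
    has leaked and is replayed from four different addresses within a minute.
    """
    normal = monitor.issue_token("tok-normal")
    leaked = monitor.issue_token("tok-leaked")
    lines = ["# ts token ip"]
    lines += [f"{1000 + 10 * i} {normal} 198.51.100.7" for i in range(5)]
    leaked_ips = ["203.0.113.1", "203.0.113.2", "203.0.113.3", "203.0.113.4"]
    lines += [f"{1000 + 5 * i} {leaked} {ip}" for i, ip in enumerate(leaked_ips)]
    return lines


if __name__ == "__main__":
    monitor = ClientTokenMonitor()
    results = replay_log(sample_log(monitor), monitor)
    for token, outcomes in results.items():
        print(token, outcomes)
    print("blocked:", sorted(monitor.blocked))
```

The monitor only decides on what it can observe (token, source address, time), which is the point of the answer: a decompiled client can still call the service, but a token reused across many addresses in a short window is visible on the server and can be cut off. In production the per-token state would live in a shared store rather than process memory, and the thresholds would be tuned to the app's real traffic so that mobile clients changing networks are not blocked by mistake.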