On 7 June 2011 14:18, Dani <eraofw...@gmail.com> wrote: > Thank you for the answer and sorry for my English, > I don't mean to protect data stored in the device, but I mean to > protect the communication between client (my app) and server: > for example, I want my web service is accessible only by my app.
Whatever you do you can't be 100% sure that other side is your application. You can try to make it harder to spoof but if depending on how you do that and the skill of atackers it eventually can be done. You may try to secure communication channel with SSL but make it require certificate signed by your CA, so unless you make it quite easy to extract the certificate from your app, that whould make it harder to spoof just by knowing the protocol. PS: and do not make it "Sony way" :) check signatures, not just "assume" as they did. -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en