Well, I know User-Agents can be easily spoofed to "appear" as anything, so I would like to avoid relying on that.
But regardless, what I'm trying to do is to allow ONLY my app to communicate with the web server - the web server would not respond to requests coming in from any other sources (web browsers, other devices, etc). The client/server communication is RESTful. Any thoughts? On Jan 22, 7:51 pm, Kevin Duffey <[email protected]> wrote: > Not entirely sure what the android browsers provide in the request header > (if you are talking about the browsers on android and not a specific app), > but usually their is a header that identifies the client browser and OS sent > in the request. > > On Fri, Jan 22, 2010 at 4:01 PM, Flapjack <[email protected]> wrote: > > Suppose you run a web service that accepts requests from Android > > devices and spits out some data. Is there any way to ensure that the > > request actually came from within an application on the Android > > handset? In other words, restrict access to all other devices - > > iphones, desktops, laptops, even requests through a web browser ON an > > android phone that didn't come from the app itself? > > > Simply, how can I enforce that my web server ONLY responds to my > > Android-based app? > > > -- > > You received this message because you are subscribed to the Google > > Groups "Android Developers" group. > > To post to this group, send email to [email protected] > > To unsubscribe from this group, send email to > > [email protected]<android-developers%[email protected]> > > For more options, visit this group at > >http://groups.google.com/group/android-developers?hl=en > > -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
