Hi I'm going to create a e-book reader application. This application can open up encrypted book files after receiving key from a web server. All key communication process and information transferred are encrypted by some other keys.
I want to apply a mechanism on server-side to control identity of sender. I used user-name & password, random hash-key & device IMEI. 1. However i want to know is it possible to check which application is sending request to server or not? e.g. is it possible to check CRC or signature of apk which send requests to server? 2. Are there some mechanism for securing source codes, more sophisticated than ProGaurd for hiding source codes and libraries inherited in APK file or not? Reason that I'm asking this question is: As long as i checked it is possible to do reverse-engineering on APK files.Using ProGaurd make it harder to decompile codes and understand them but it *will not make it impossible* (may be I'm wrong about this). I want to make some mechanism that if somebody accessed my source codes and generated new app out of it, I'can control application-identity using its signature or something else on server side before sending private information toward it and avoid leakage of information It is impossible to secure information in all aspects but it will be so hard if i cannot secure my source codes. Thanks for your notice in advance :) -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to android-security-discuss+unsubscr...@googlegroups.com. To post to this group, send email to android-security-discuss@googlegroups.com. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/groups/opt_out.
