To your second question, it's basically impossible to hide the code from
the user.  If you want to do that, run it on a server and communicate back
the results, because someone can always reverse engineer the code if they
have it in their hands.

You can always force the user to register an account and verify that on the
server with a token given back to them; that's pretty much the standard
thing to do.

Kris



On Wed, Aug 21, 2013 at 6:20 AM, <pioneer.non...@gmail.com> wrote:

> Hi
> I'm going to create an e-book reader application. This application can open
> up encrypted book files after receiving key from a web server.
> All key communication process and information transferred are encrypted by
> some other keys.
>
> I want to apply a mechanism on server-side to control identity of sender.
>
> I used user-name & password, random hash-key & device IMEI.
>
>
>    1. However I want to know is it possible to check which application is
>    sending request to server or not? e.g. is it possible to check CRC or
>    signature of apk which send requests to server?
>    2. Is there some mechanism for securing source codes, more
>    sophisticated than ProGuard for hiding source codes and libraries inherited
>    in APK file or not?
>
> Reason that I'm asking this question is:
> As long as I checked it is possible to do reverse-engineering on APK
> files. Using ProGuard makes it harder to decompile codes and understand them
> but it *will not make it impossible* (maybe I'm wrong about this).
> I want to make some mechanism that if somebody accessed my source codes
> and generated new app out of it, I can control application-identity using
> its signature or something else on server side before sending private
> information toward it and avoid leakage of information.
>
> It is impossible to secure information in all aspects but it will be so
> hard if I cannot secure my source codes.
> Thanks for your notice in advance :)
>
> --
> You received this message because you are subscribed to the Google Groups
> "Android Security Discussions" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to android-security-discuss+unsubscr...@googlegroups.com.
> To post to this group, send email to
> android-security-discuss@googlegroups.com.
> Visit this group at
> http://groups.google.com/group/android-security-discuss.
> For more options, visit https://groups.google.com/groups/opt_out.
>
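
The account-plus-token check suggested in the reply above, sketched as an added example (not code from either poster). The HMAC token format, the one-hour lifetime, and the names issue_token, verify_token, release_book_key, PURCHASES and BOOK_KEYS are assumptions made for illustration; the accounts and keys are constructed sample data.

```python
import base64, hashlib, hmac, json, secrets, time

SERVER_SECRET = secrets.token_bytes(32)  # never leaves the server
TOKEN_TTL = 3600                         # assumed token lifetime in seconds

# Constructed sample data: purchases per account and per-book content keys.
PURCHASES = {"alice": {"book-001"}}
BOOK_KEYS = {"book-001": secrets.token_bytes(16),
             "book-002": secrets.token_bytes(16)}

def _sign(payload: bytes) -> bytes:
    return hmac.new(SERVER_SECRET, payload, hashlib.sha256).digest()

def issue_token(user, now=None):
    """Call only after the server has checked the account's password."""
    now = time.time() if now is None else now
    payload = json.dumps({"u": user, "exp": int(now) + TOKEN_TTL}).encode()
    parts = (payload, _sign(payload))
    return b".".join(base64.urlsafe_b64encode(p) for p in parts).decode()

def verify_token(token, now=None):
    """Return the account name for a valid, unexpired token, else None."""
    now = time.time() if now is None else now
    try:
        p64, s64 = token.encode().split(b".")
        payload = base64.urlsafe_b64decode(p64)
        sig = base64.urlsafe_b64decode(s64)
    except ValueError:  # wrong number of parts or bad base64
        return None
    # Constant-time comparison; parse the payload only after it is authentic.
    if not hmac.compare_digest(sig, _sign(payload)):
        return None
    claims = json.loads(payload)
    if claims["exp"] <= now:
        return None
    return claims["u"]

def release_book_key(token, book_id, now=None):
    """Hand out a content key only to an account that owns the book."""
    user = verify_token(token, now)
    if user is None or book_id not in PURCHASES.get(user, set()):
        return None
    return BOOK_KEYS[book_id]
```

The token proves which account is asking, not which APK sent the request, so the purchase check on the server is what limits who receives a book key.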
