> > I'm probably being obtuse here, but I don't see how encrypting your > request with a public key would help you with your original problem. > > What stops a rogue app from doing the same encryption? >
They can't see what the parameters are. So what are they going to encrypt?
