[android-developers] Re: Mechanism to ensure request comes from my app
Thanks Dan, Joe. That's as far as I had got too. It feels like there should be a way. But I can't see one that can't be mimicked. On Sep 18, 8:46 am, joebowbeer joe.bowb...@gmail.com wrote: Keep in mind that other apps can access your app's resources and assets, and in fact anyone can access your apk and obtain anything hidden therein. I wish Android provided a way that a server could determine if a request was generated by some app 'package id' signed by a given key -- but this is not available as far as I know. On Sep 17, 12:03 am, William Ferguson william.ferguson...@gmail.com wrote: If I have my app fetching content from my server, what mechanism should I use on my server to ensure that its my app making the request? Is there any way that I can sign the request to using my app's signature to show its come from my app and not from a stolen version or copycat? I suspect the answer is no, but I'm looking for suggestions. William -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: Mechanism to ensure request comes from my app
You can in theory use your app's certificate in reverse to sign the requests. Check the signature on the other end using your private key. Not sure how you can access your app's certificate from the app, though, and it doesn't protect you from an outright stolen copy of the app. On Sep 17, 2:03 am, William Ferguson william.ferguson...@gmail.com wrote: If I have my app fetching content from my server, what mechanism should I use on my server to ensure that its my app making the request? Is there any way that I can sign the request to using my app's signature to show its come from my app and not from a stolen version or copycat? I suspect the answer is no, but I'm looking for suggestions. William -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: Mechanism to ensure request comes from my app
Keep in mind that other apps can access your app's resources and assets, and in fact anyone can access your apk and obtain anything hidden therein. I wish Android provided a way that a server could determine if a request was generated by some app 'package id' signed by a given key -- but this is not available as far as I know. On Sep 17, 12:03 am, William Ferguson william.ferguson...@gmail.com wrote: If I have my app fetching content from my server, what mechanism should I use on my server to ensure that its my app making the request? Is there any way that I can sign the request to using my app's signature to show its come from my app and not from a stolen version or copycat? I suspect the answer is no, but I'm looking for suggestions. William -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en