java - How to send app data securely to a recipient/server -



java - How to send app data securely to a recipient/server -

i'm developing android app user has fill out , send info of few text fields recipient/server, enable feature.

the big issue how in secure way protected against e.g. decompiling. concern not security during transport rather security of transport medium.

what i've thought/read far:

i send info via mail service java mail service api. first of all, don't want require user has come in mail service credentials , smtp server. mean have include credentials mail service business relationship in app, though. avoid situation decompiles app , takes on mail service account, thought of encrypting methods, if save aes encrypted version of password, attacker decompile app , add together syso output decrypted password. same applies oauth authentication because have store authentication token. in add-on mail service version, read getting password post request web service, doesn't seem safer @ all.

i search free smtp server without need of credentials, want can rely on instead of waking each day , looking if service still works.

send info web service. okay require more work me, take that, if there solution without saving credentials in app or having web service accepts info everybody.

have overlooked something? or there no safe method without asking user mail service credentials or google business relationship etc. ?

oauth work. nice thing oauth if token compromised can revoked on server side.

you create web service accepts tcp connections on port. have authentication mechanism illustration digest authentication carried out before accepting data.

another alternative utilize api such golgi. golgi requires developer key, app key , app instance id connect servers , send data. in event these credentials somehow compromised can alter app key , force new version of app through play store.

java android security encryption

Comments

Post a Comment

Popular posts from this blog

php - Android app custom user registration and login with cookie using facebook sdk -

php - Android app custom user registration and login with cookie using facebook sdk - i developing android application in users need register , log in using facebook. approximately, flow. open app first time, authenticate facebook, data, send info server create them business relationship in application, start session new business relationship in server, cookie perform later interactions. so far good. what need know wich info have send server, can able identify users when log in seccond time. because need start session in server , send cookie android app farther interactions. i'm using php server side language. i thinking getting getaccesstoken() in android facebook sdk, pass server on business relationship creation , storing in android app. but can't manage how login users on sec time utilize app. any suggestions ? in advance ! to uniquely identify user within app, should create request /me , user's id. guaranteed unique , remain con
Read more

django - Access session in user model .save() -

django - Access session in user model .save() - is possible access current session in user model .save()? pseudo code of want achieve: # users.models.py def save(self, *args, **kwargs): created = true if self.pk: created = false super(abstractuser, self).save(*args, **kwargs) # post-save if created: look_for_invite_in_session_and_register_if_found(self, session) seems wrong in architecture. shouldn't access request in models layer. work request must done in view. can this: user, created = abstractuser.objects.get_or_create(name=name) if created: look_for_invite_in_session_and_register_if_found(user, request.session) django session
Read more

php - .htaccess Multiple Rewrite Rules / Prioritizing -

php - .htaccess Multiple Rewrite Rules / Prioritizing - here current htaccess file: rewriteengine on rewritecond %{http_host} !^www\.website\.com [nc] rewritecond %{http_host} ([^.]+)\.website\.com [nc] rewriterule ^(.*)$ http://www.website.com/gotourl.php?urlid=?%1 [l] rewriterule ^(\w+)$ ./gotourl.php?urlid=$1 [nc,l] rewriterule ^(\w+)/$ ./gotourl.php?urlid=$1 [nc,l] the website in question url shortener i'm working on testing/developing , personal use. above code may not ideal i'm not familiar .htaccess , made via googling , testing. want url shortening aspect: http://website.com/1234 -> http://website.com/gotourl.php?urlid=1234 http://website.com/1234/ -> http://website.com/gotourl.php?urlid=1234 the problem cannot figure out how ignore directories. want specific directories go specific pages: http://website.com/img (or) http://website.com/img/ -> http://website.com/img.php http://website.com/img/1234 (or) http://website.com/
Read more