Prevent phishing Android apps communicating with server - java

I have created and published on Google Play an Android app that communicates with my server. I want to check that my server (Java Servlet) only accepts requests from this Android app, so that if someone clones my code and creates a new app, when it tries to communicate with the server, the requests are rejected.
Is there a way to do that? Perhaps with domain names, or signed apps,...? This is to prevent phishing attacks.

You can get your app's signing key and check it on your server, but someone can get this information. If you use HTTPS for your connection and use ProGuard, I think it's disincentive enough.
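The server-side half of the check this answer describes, as an added example (not code from the original post): the app is assumed to report the SHA-256 digest of its signing certificate with each request, and the server compares it against the digest of the release certificate. The class name, method names and sample bytes are constructed for illustration; because the value is reported by the client, anyone who learns it can send it too, which is the limitation the answer points out.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/** Added example: compares a client-reported signing-certificate digest with the expected one. */
public class SigningCertCheck {

    /** SHA-256 over the DER bytes of the release signing certificate. */
    static byte[] sha256(byte[] certDer) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance("SHA-256").digest(certDer);
    }

    /** Decodes "AB:CD:..." or "abcd..." into 32 bytes; returns null if malformed. */
    static byte[] parseHex(String s) {
        if (s == null) return null;
        String hex = s.replace(":", "").trim();
        if (hex.length() != 64) return null;            // SHA-256 is 32 bytes = 64 hex chars
        byte[] out = new byte[32];
        for (int i = 0; i < 32; i++) {
            int hi = Character.digit(hex.charAt(2 * i), 16);
            int lo = Character.digit(hex.charAt(2 * i + 1), 16);
            if (hi < 0 || lo < 0) return null;          // non-hex character
            out[i] = (byte) ((hi << 4) | lo);
        }
        return out;
    }

    /** True only if the reported digest parses and matches; the comparison is constant-time. */
    static boolean isExpectedApp(String reportedHex, byte[] expectedDigest) {
        byte[] reported = parseHex(reportedHex);
        return reported != null && MessageDigest.isEqual(reported, expectedDigest);
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the certificate's DER encoding (not a real certificate).
        byte[] certDer = "constructed-sample-certificate".getBytes(StandardCharsets.UTF_8);
        byte[] expected = sha256(certDer);

        // Format the digest the way fingerprint tools usually print it: "AB:CD:...".
        StringBuilder genuine = new StringBuilder();
        for (byte b : expected) genuine.append(String.format("%02X:", b));
        genuine.setLength(genuine.length() - 1);

        System.out.println("matching digest:  " + isExpectedApp(genuine.toString(), expected));
        System.out.println("different digest: " + isExpectedApp("00".repeat(32), expected));
        System.out.println("malformed value:  " + isExpectedApp("not-hex", expected));
    }
}
```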

Related

Restrict Access to Web Server for Specific Devices

I have a web application running on Apache Tomcat, and this web application runs on a server to which my frontend connects. The frontends could be a browser or an app that runs on Android or iOS.
I would now like to allow access to my Tomcat Web App only to specific devices that I decide. Restricting access using IP address / MAC address might be the dumbest solution that I could think of, but that is doomed to fail given the diversity of the routers that could be in between the device and my Web App. So how do I potentially decide access to my Web App only to some specific devices?
I can see that Google already does this! I mean, if I log in to my Google E-Mail account from a completely new device, it would prevent me from doing so and ask me for an authentication token from one of my trusted devices. Is there any AI or some funky Machine Learning happening behind the scenes at Google that actually checks for registered devices?
I would like to do the same to my Web Application running on Tomcat. So how do I do this? Any suggestions?

Protect Android App against Network Sniffing

I'm using Retrofit for making GET/POST requests to my app's web API.
I installed SSL on my server, so I can successfully connect to my web API via HTTPS.
(Note: the SSL certificate is not self-signed.)
The weird thing is, you can capture GET/POST or other requests with this app: https://play.google.com/store/apps/details?id=app.greyshirts.sslcapture
Also, it does not matter whether you use HTTP or HTTPS. The "Packet Capture" app can capture all web requests...
(You must install the Packet Capture app's certificate on your device for it to work.)
The question is:
I want to protect my app against network sniffing; how can I do that?
I'm using ASP.NET / IIS 8 for the web API, if it matters.

If you want your network traffic to be unreadable to others regardless of where they can look, you must encrypt and decrypt everything yourself in your own code and not rely on anything the operating system provides. Use a suitably strong encryption scheme.
This is only open to you because you control both the server and the client.

Sending APNS notifications with Java

I am currently developing Java web services that run on WebLogic on a server. There is a requirement that I need to send push notifications to mobile devices running on iOS. I do know what is required for developing GCM/FCM for sending notifications to Android devices. For iOS, I know there is APNS, but what Java library can I use to send the notifications?
Also, what are the required things (registration ID, etc.) needed in order to send via APNS?
Any example code?
I have googled and found out about java-apns and javapns, but I am not even sure if they are obsolete already.
Thanks in advance.

I can help you with the things that are a must to implement APNS. Please note that with the introduction of the new HTTP/2.0 APNS API, a lot of things have changed from how they used to be. (Good news is: things have really become easy & simple now.)
I would advise you to go through the link below:
https://developer.apple.com/library/ios/documentation/NetworkingInternet/Conceptual/RemoteNotificationsPG/Chapters/Introduction.html
APNS prerequisites:
1) APNS SSL certificate and key (the same for sandbox & production now; previously they used to be different for production/development/VoIP etc. This is the most important step, as most of the issues related to APNS are due to wrong certificate generation)
2) Device token (specific to each iOS app running on an iOS device; your iOS client app needs to register with APNS to get this device token. Also, the device token is normally different for development & production environments, so please make sure you're using the right token)
Once you have the above-mentioned certificate, key & device token for your iOS app, you can send APNS notifications from your application provider using the APNS interface.
Please note that the device token can change anytime (normally during an iOS software upgrade), so it's always advisable to obtain a fresh device token every time your app is launched.
On your query related to a Java library for APNS, please note the new APNS interface has a dependency on HTTP/2.0. Both open source as well as enterprise versions (like AWS, Urban Airship etc.) are available, which you can select based on your needs. Not sure if AWS supports the new HTTP/2.0 interface. However, it's always advisable to use the latest APNS interface as per Apple guidelines.
Optionally, you can also use GCM to implement APNS.
https://developers.google.com/cloud-messaging/ios/start
However, your iOS app may need to register with GCM as well for the same. Basically, the iOS device token will be mapped to a GCM device token. However, you would still need to generate the certificate, key as well as device token as I have mentioned.
I hope it answers your query.
_Ayush

Create a basic network app

I have a little question about an Android app with a "remote" function used via the internet.
So I have these ideas:
Create a web service using PHP on the server, and refresh the client app every x seconds, like 4-5 sec
Or make a Java server (but I don't know how I can do that)
I just want to make a remote connected via user/password to the server, and the other app connects to the server and refreshes its status.
Do you know the best way to do that?
Thanks

The question is not very precise, but as far as I understand it, both your ideas implement the 'pull' concept, that is, the client app checking the status of the server every now and then.
If you want the app to be instantly notified of the server status change, I would suggest push notifications with GCM (Google Cloud Messaging). You can find some basic descriptions and examples at: http://developer.android.com/google/gcm/index.html
Sending a server-to-client notification is simple regardless of the platform you use server side. E.g. for PHP integration with GCM, check out this thread: GCM with PHP (Google Cloud Messaging)

Server on windows, clients on android

I am now trying to do a project in which there will be a server on a Windows PC and some clients on Android devices. The point is that the server should control the Android devices. For example, it chooses an image or video, sends them to the clients, and the clients play or show them. Remember, the clients should be controlled by the server.
So could anyone tell me a proper way to do that: which protocol should I use, how do I send the files to the clients, and how do the clients react? I am thinking of using Java for the server, and of course the client will be an Android application.
Thank you.

You might find Cloud to Device Messaging (c2dm) useful: http://code.google.com/android/c2dm/index.html
In essence, c2dm allows a remote server to send an Intent to an Android app. The device-side app can then respond to that intent to take the requested action. Chrome2phone works this way to open web links on a target device. http://code.google.com/p/chrometophone/
