How can an application authenticate itself to a server? Let's say I release an Android application that can connect to my web server.
Is there any way I can assure clients use the application I made, and not a third-party one? I assume it is possible to reverse-engineer to get the source code of my app (it seems ProGuard is not perfectly safe) and thereby a third party could easily make an app impersonating mine.
Does TLS/SSL solve this issue, and if so, how? I could require the client to send my server a certificate from a trusted authority, thereby laying the responsibility of authentication on the trusted authority. But how does this work in practice? Let's say I produce self-signed certificates, which I add to the server's truststore. How do I safely distribute these to app users?
Maybe I'm missing something basic here, but anything to point me in the right direction would help!
In general, you cannot. The app code is public – nothing prevents baddies from reverse engineering it and emulating the protocol to a tee. More discussion here.
Code obfuscation is your best bet. Specifically on Android, check out ProGuard. No rock solid guarantee, but maybe the baddie will lose patience. 🙂