My Android application sends data to my website. Right now, anyone who can trace where the data is being sent can find my website and be able to run my PHP files that process the data. How can I prevent users from accessing my website through a browser?
This is actually pretty easy to do.
Set up mutually-authenticated SSL between your app and your web server. Basically, you’re going to create a self-signed certificate using the Android keytool to deploy onto the server and then another self-signed certificate (for the client) to deploy into your app. Configure the server to require client authentication and to only accept the certificate you just deployed into your app. Configure the client to only accept the self-signed certificate you installed on the server and to present the certificate you deployed on it when prompted by the server.
This is pretty easy to set up and then your server will only talk to your app (since it is the only thing that has the specific client-side certificate) and the app will only talk to your server (since it is the only thing that has the specific server-side certificate).
More details about how to do all this (with a walkthrough) are in my book: http://shop.oreilly.com/product/0636920022596.do.