Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
My application would be frequently connecting to the web service to get some data in json.
Is there a way this data can be encrypted on server side and decrypted on application side so that data transferred is secure and safe?
Also, if the applicaiton comes with its own database (sqlite db file), is it possible for anyone using this application to look at this database (tables, fields and content)?
Regards,
Sapan
Your easiest option for transferring the data encrypted is to use SSL (i.e. https) for the communication between the app and the web service.
If you need to set up your own self-signed certificate for the server (instead of buying one) you might have problems getting android to talk with it, but it’s doable. See this SO question for tips.
Regarding reading the database, it might be possible. I would assume that an attacker that got access to the phone could read the database, if they were determined enough. If you want the data to be really secure, you would have to store the database in an encrypted file and require the user to enter a password each time they open your app.
You have to decide how much security you really need.
You should definitely go for SSL encryption of the data when you transfer it over the network, though.