Android and HTTPS

Question

We've recently applied a certificate to the webservice that is used by our Android app.

I've changed the path to the webservice to the HTTPS one and all is working. No exception is thrown.

Below is the code I use to POST to the webservice:

HttpParams httpParameters = new BasicHttpParams();
// CONNECTION TIMEOUT
int timeoutConnection = 15000;
HttpConnectionParams.setConnectionTimeout(httpParameters, timeoutConnection);
// SOCKET TIMEOUT
int timeoutSocket = 30000;
HttpConnectionParams.setSoTimeout(httpParameters, timeoutSocket);
DefaultHttpClient httpClient = new DefaultHttpClient(httpParameters);
HttpPost httpPost = new HttpPost(getWebServiceAddress() + actionName);
httpPost.addHeader("Content-Type", "application/json; charset=utf-8");  
httpPost.addHeader("Accept-Encoding", "gzip");
httpPost.addHeader("User-Agent", "gzip");
httpPost.setEntity(new StringEntity(jsonBody, "UTF-8"));
HttpResponse response = null;
response = httpClient.execute(httpPost);

My question is: without changing Android code, is my outgoing communication from the app secure too? Do I have to apply any changes to the code pertaining to HTTPS to enforce the encryption?

Answer 1

• is my outgoing communication from the app secure too?

If you use sockets use should use SSLSocket and put SslCertificate on it. With HttpURLConnection just change instance to HttpsURLConnection

-Do I have to apply any changes to the code pertaining to HTTPS to enforce the encryption?

If you want to send outgoing message then -yes,otherwise -no

Answer 2

Using WireShark on the server I was able to track down the packets being sent from my app to the server.

The packets were for an encrypted incoming connection through TLS protocol. Therefore my outgoing data IS secure and no other Android configuration is necessary.