
I was thinking about making a new Android application. But in this one I need to use a MySQL connection to one of my web pages. But I was wondering, is this safe? Can you decompile an APK app and find the user name and password used by the Android app? And if so, what is the most secure way to create such an application?

Thanks for all the help and replies.

suxSx
  • I can't imagine this would be safe. Even if decompiling isn't an issue, I'm sure there are ways to look at the data sent to the server. Why don't you make it connect to an http server and have your own php script handle the connection for example? – Patrickdev Dec 31 '12 at 10:09
  • You can use encryption of your data; use this link - http://stackoverflow.com/questions/6043984/sqlite-encryption-for-android – Vashishth Dec 31 '12 at 10:12
  • An http request was my first thought, but then I came to think about using MySQL. But however I turn my head around, I can't figure out a safe way to do it. So I think I will stick with http, but https://guardianproject.info/code/sqlcipher/ was worth checking out. Maybe I will find some use for it. :) – suxSx Dec 31 '12 at 10:23

1 Answer


Encrypting the SQL queries will secure your app when someone attempts to sniff/snoop the data between the app and the server, but when decompiling the app, anyone will get your connection parameters, including username and password.

You have 2 clean solutions to look at:

(1) Use web services. You may choose to use SOAP web services; these are the most standardized services and you'll get no problems reusing your web services in other apps/languages, as interoperability is what standardized web services come from, but SOAP implies more data to transfer, parse and unparse; SOAP is a heavy-weight XML standard that is centered around document passing and is slow for high-throughput apps.

REST web services are very lightweight and rely upon the HTTP standard to do their work. It is great to get a useful web service up and running quickly. If you don't need a strict API definition, this is the way to go. Most web services fall into this category. REST is faster, but there's no real interoperability politics in it.

(2) Use data streams (or websockets) if your app is consuming a large amount of data through web services (video, file upload ...)

zfou
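The two halves of the answer above, as an added example that is not part of the original question or answer: first, why credentials baked into an APK are recoverable by anyone with the file (a plain `strings`-style scan over a constructed byte blob standing in for `classes.dex` is enough, no decompiler needed); second, the shape of the web-service gatekeeper the answer recommends, where the database credentials live only on the server, the app authenticates as a user rather than as the database, and every query is parameterized. The `jdbc:` URL, host name, credentials, signing key and seed rows are constructed for the demo; an in-memory sqlite3 database stands in for the MySQL server, and the HMAC bearer token is an illustrative choice, not a prescription (a real deployment would use proper sessions or OAuth over TLS).

```python
import hashlib
import hmac
import re
import sqlite3
from typing import Dict, List, Optional, Tuple

# --- Part 1: what a decompiler (or just `strings`) sees ---------------------

# Constructed stand-in for a compiled classes.dex. Real dex files keep string
# constants in a string table; here they are simply embedded in a byte blob,
# which is enough to show that compilation does not hide them.
FAKE_DEX = (
    b"dex\n035\x00" + b"\x00" * 16
    + b"jdbc:mysql://db.example.com:3306/shop\x00"   # hypothetical host/db
    + b"app_user\x00" + b"Sup3rS3cret!\x00"          # baked-in credentials
    + b"\x7f\x00\x13" * 5
)

def extract_strings(blob: bytes, min_len: int = 6) -> List[str]:
    """Same idea as the `strings` tool: runs of printable ASCII of min_len+."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, blob)]

# --- Part 2: the gatekeeper the answer recommends instead -------------------

# Lives on the server only. The APK never contains it, nor any DB credential.
SERVER_SIGNING_KEY = b"server-only-signing-key"   # assumed value for the demo

def issue_token(user_id: str) -> str:
    """Illustrative bearer token: user id + HMAC-SHA256 over it (server key)."""
    mac = hmac.new(SERVER_SIGNING_KEY, user_id.encode(), hashlib.sha256).hexdigest()
    return f"{user_id}.{mac}"

def verify_token(token: str) -> Optional[str]:
    """Return the user id if the token's MAC verifies, else None."""
    user_id, sep, mac = token.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(SERVER_SIGNING_KEY, user_id.encode(), hashlib.sha256).hexdigest()
    return user_id if hmac.compare_digest(mac.encode(), expected.encode()) else None

class ApiServer:
    """Minimal REST-style handler: authenticate the caller, then run
    parameterized queries over the server's own database connection."""

    def __init__(self) -> None:
        # In-memory sqlite3 stands in for the MySQL server; only this process
        # holds the connection, so the app only ever talks HTTP(S) to us.
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, user_id TEXT, item TEXT)")
        self.db.executemany(
            "INSERT INTO orders (user_id, item) VALUES (?, ?)",
            [("alice", "book"), ("alice", "lamp"), ("bob", "chair")],   # constructed rows
        )

    def handle(self, method: str, path: str, headers: Dict[str, str], body: Dict) -> Tuple[int, Dict]:
        auth = headers.get("Authorization", "")
        user = verify_token(auth[len("Bearer "):]) if auth.startswith("Bearer ") else None
        if user is None:
            return 401, {"error": "unauthorized"}
        if method == "GET" and path == "/orders":
            # Authorization is enforced server-side: a token only reaches its own rows.
            rows = self.db.execute(
                "SELECT id, item FROM orders WHERE user_id = ? ORDER BY id", (user,)
            ).fetchall()
            return 200, {"orders": [{"id": i, "item": it} for i, it in rows]}
        if method == "POST" and path == "/orders":
            item = body.get("item")
            if not isinstance(item, str) or not 1 <= len(item) <= 64:
                return 400, {"error": "item must be a string of 1..64 chars"}
            # Bound parameter, never string-concatenated: injection text is stored as data.
            cur = self.db.execute("INSERT INTO orders (user_id, item) VALUES (?, ?)", (user, item))
            return 201, {"id": cur.lastrowid, "item": item}
        return 404, {"error": "not found"}

if __name__ == "__main__":
    print("strings recovered from the 'APK':", extract_strings(FAKE_DEX))
    srv = ApiServer()
    hdr = {"Authorization": "Bearer " + issue_token("alice")}
    print(srv.handle("GET", "/orders", hdr, {}))
    print(srv.handle("POST", "/orders", hdr, {"item": "x'); DROP TABLE orders;--"}))
    print(srv.handle("GET", "/orders", {"Authorization": "Bearer alice.deadbeef"}, {}))
```

Decompiling an app built this way yields only the API endpoint, which is not a secret; an attacker still has to obtain a valid user token, and even then the `WHERE user_id = ?` clause and the bound parameters keep them inside that user's rows and out of the SQL grammar.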