I am making an application that sends a JSON object to a REST API, I want know how to make sure that other applications running on the mobile device cannot read or change the http request (JSON object) information that I passes to the Web Services API ??????????? thank you
Asked
Active
Viewed 59 times
1 Answers
0
If a user of your device has root on the device and if they have installed apps having permissions such as "shark for root" , then these other apps will have READ but not WRITE access to your JSON as it streams across the http interface to the Rest API.
The security sandbox in versions after 4.2 has gotten pretty good and IMO, i would not worry too much about your issue.
If you want to go looking for offending apps by scanning other installed apps/permissions , then go and look at the permissions in the 'shark for root' and then iterate over the installed apps , parsing thru the respective permissions matching the permission allowing shark to read the JSON on the WIRE.
see accepted answer for iteration code.
Community
- 1
- 1
Robert Rowntree
- 6,230
- 2
- 24
- 43
-
there is a link in my original answer . it contains android code you ask for. – Robert Rowntree Nov 10 '13 at 17:56
-
i tried, this only shows pack info !! how can I prevent application to change my sent JSON object? can you be more clear please ? – bourax webmaster Nov 10 '13 at 19:05
-
http://developer.android.com/reference/android/content/pm/PackageInfo.html#permissions get the package info for other apps, get the 'permissions' and if the other app has exposed 'permissions' then you can see them. – Robert Rowntree Nov 10 '13 at 19:28
-
this only helps to prevent CHANGING sent data, i want even prevent applications from READING what my application post – bourax webmaster Nov 10 '13 at 19:31
-
Try SSL . try VPN if SSL not enough. – Robert Rowntree Nov 11 '13 at 01:42