3

I upload some data and communicate with my server using my application.I send data to PHP file on server and then it writes in database.

Currently those links are stored in my android application code, like :

// single product url
    private static final String url_product_details= "http://23.229.161.73/android_connect/get_product_details.php";

    // url to update product
    private static final String url_update_product = "http://23.229.161.73/android_connect/update_product.php";

    // url to delete product
    private static final String url_delete_product = "http://23.229.161.73/android_connect/delete_product.php";

Its very easy to decompile the application source code and all those links are visible then.So how to encrypt those links if possible, inside the application and ensure that someone doesn't sniff out the data.

Shashank Chavan
  • 131
  • 11
  • 3
    You dont, there is no point. Instead you have proper authentication on the server, so that knowing the links is pointless without the correct credentials – Steve Oct 01 '14 at 16:34

2 Answers2

6

You should be calling URLs with https and encrypting the connection.

The fact someone can see the URL doesn't matter (they could get this by sniffing the network anyway). You pobably want to ensure the request has come from a trusted client

Guy Incognito
  • 500
  • 2
  • 5
  • 9
5

You can optimize and obfuscate the code with ProGuard so that your code would be safe and it'd be difficult to reverse engineer it. But then again, your android code can never be 100% safe as discussed here. Also, the best way to handle is that you have some server side authentication, so that even if someone finds out the url, still (s)he will be unable to use it.

Community
  • 1
  • 1
Antrromet
  • 15,294
  • 10
  • 60
  • 75