I am having extreme concerns with using parse as a backend for security reasons,I'm trying to build an app that deals with currency that can be transferred between accounts. I've been using basic cloud functions where a user cannot send money to themselves,also where a use has to be existing to access users in the app. But since the app key and what not are in plain text,basically anyone can use this and build a fake app. What is the best way to prevent or thoroughly secure this from happening?
Asked
Active
Viewed 103 times
1
-
Wait, app key is not public. No one can use it. 2. You can manage which user can update/edit data and can send what sort of requests. – Tushar Gogna Jan 09 '15 at 05:22
-
Say someone decompiles the application(Android),they have access to the classes in my application. Therefore they can literally recreate the app I wrote or screw with something in the database. @PsyDuck – Rhynoboy Jan 09 '15 at 05:26
-
1You sign your application and use `obfuscation` and tools like `ProGuard` and then put that apk on Play store. No one can use reverse engineering on that. [See this answer](http://stackoverflow.com/questions/13854425/how-to-avoid-reverse-engineering-of-an-apk-file) – Tushar Gogna Jan 09 '15 at 05:27
-
And to restrict user, go through [ACL](https://parse.com/docs/android_guide#security-recommendations) at Parse Docs. – Tushar Gogna Jan 09 '15 at 05:36