-1

I have an android app which people can register with. The server, which manages accounts, has checks to make sure that only people registering on the application can be added.

My security problem is that a bot script can run on an emulator to send requests. So i thought that the application will check if it is being executed on a real device using some of the methods posted here : How to find out from code if my Android app runs on emulator or real device?.

Is this a better way than using a captcha or can this also be compromised?

Community
  • 1
  • 1
user2342875
  • 239
  • 1
  • 4
  • 14

1 Answers1

-1

There is no "100% secure" way, or any good way at all. Captchas are not secure, and about the device check, why do you think the check built in in your program has any meaning?

If I were to write a bot for your service, it would have nothing to do with your app or Android in general, instead it´s a PC program using the PCs internet connection to communicate with your server.

And no, cryptography won´t help much: To have any encryption, authentication or whatever between app and server, the app needs a key. As long as I can get the app, I can get the key too...

deviantfan
  • 11,268
  • 3
  • 32
  • 49
  • Any reason for the dv? – deviantfan Aug 24 '15 at 20:57
  • I understand that given enough time and resources anything can be hacked. So if I understand correctly, if my app has a password(key) to authenticate it, someone will be able to "get" this key then? – user2342875 Aug 24 '15 at 20:58
  • Correct. Relying on some Android check etc. won´t help because users don´t need your app at all to communicate with a web server, and having some sort of secret in the app won´t help because users can extract it. (It´s a bit better than nothing, but not "secure" at all) – deviantfan Aug 24 '15 at 21:00