2

I'm developing an app and I use volley to fetch data from server in background . Can anyone see the urls I have used in my app?

If yes then how? and how can I prevent anyone from seeing them?

purush
  • 559
  • 3
  • 12

2 Answers2

1

Yes, people could see what URLs are used. Specifically:

  • Users can decompile your app, and read the URLs from the decompiled source. Use an obfuscator such as Proguard to make this more difficult.

  • Users can also attach a debugger to your app at runtime, again revealing the data. Remember that the user has full control over the device and anything running on it.

  • Users can use a network traffic sniffer, eg Wireshark, or a firewall which logs all traffic, in order to see what your app is requestion. Make sure you're using HTTPS in order to make this harder. Make sure you also implement HTTPS correctly, especially, this means to not simply accept all certificates.

You cannot completely prevent people from seeing the URLs your app is using, since the app is running on the user's device, where the user can do anything he wants with it. You can only make it harder.

See also:

Community
  • 1
  • 1
Jonas Czech
  • 12,018
  • 6
  • 44
  • 65
0

Yes, for example you can open chrome developer console and look at requests that are being made from your app if you are developing web app. In case of mobile app, everyone also can sniffer internet traffic, for example connecting to your own wifi router and listen to traffic, or use special tools like portswigger.

You cant prevent your urls from being revealed anyway, but you can use https in order to hide data you send.

Hope this ll help.

Alexander Borodin
  • 36
  • 5