
I am creating an Android app that will communicate with my UNIX server. The server-side language is PHP, and for Android I am using Cordova.

Now the question is: when I send an AJAX call from my app to the server, how will the server know whether it's my app or someone else's app?

I have self-signed my app by creating a keystore. Is there any way my server can find the details of the SHA fingerprint of my app while communicating with the server?

  • Related: http://stackoverflow.com/questions/9992572/android-piracy-prevention-with-server-requests – Morrison Chang Dec 27 '16 at 23:21
  • This is a good post, @MorrisonChang. But what if someone copies my app and creates a new one? How will I make sure that the request is coming from my app only and not from someone else's app? – Sidhant Shubham Dec 28 '16 at 14:02
  • Relying on the SHA fingerprint is a bad idea. That is easily discovered. You should read about creating secure session tokens. (Morrison Chang's comment gives one reference.) – Hod Dec 28 '16 at 00:48
  • The point is there is no way to prevent that your client side is a fake (including stolen login/password), only by checking on server side what is reasonable behavior can you keep abuse to a minimum (see every online video game vs bots/cheat scripts). – Morrison Chang Dec 28 '16 at 21:39

0 Answers