0

I have created some PHP web pages for inserting a WebView and some JSON information in an Android app. I want to protect my web data by allowing access to these web pages ONLY from my app. How is this possible? I heard that this can be done by setting my own user agent in the app and catching it in my web page, but I don't know how to do this.

Chaouki Anass
  • this is a similar question... https://stackoverflow.com/questions/26750657/how-do-i-check-whether-the-user-agent-is-from-the-mobile-app-or-mobile-web – NappingRabbit Dec 08 '17 at 19:38
  • @NappingRabbit I didn't find what I need bro – Chaouki Anass Dec 08 '17 at 19:59
  • Yeah, it was unanswered but pointed to an iPhone question that was similar. I didn't mark your question as a duplicate, just thought it may help while you wait for an answer. – NappingRabbit Dec 08 '17 at 20:01
  • This one covers the back end part: https://stackoverflow.com/questions/2257597/reliable-user-browser-detection-with-php – dferenc Dec 08 '17 at 20:27

1 Answer

0

Assuming that the connection between your app and the backend is via HTTPS, you could use client-side certificates to authenticate the caller (your app) to the backend server. Only if the caller provides the right certificate can the transaction move further.

Note that this is not unbreakable: someone who has access to your app can extract the certificate and replay it. This is not obvious to do, so if you want a reasonable but not NSA-grade solution, it would be acceptable.

A simpler solution would be to send a hard-coded authentication token as part of the transaction, checked by the backend.

WoJ
  • Actually I'm not good enough to use this method, I'm looking for the easiest way. Look what I've found after doing some research: I can set a manual user agent in my WebView and then block every user agent except that one using .htaccess. What do you think? – Chaouki Anass Dec 08 '17 at 22:39
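
The backend check from the answer's "hard-coded authentication token" suggestion, as an added example that is not code from the question or the answer. It goes one step beyond a static token: the app uses the embedded secret to sign a timestamp plus the request line, so a captured request cannot be replayed indefinitely. The header names, the `APP_SHARED_SECRET` variable, the 300-second window and the sample requests are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed for this example: header names, secret source, and the skew window.
const MAX_SKEW_SECONDS = 300;

/**
 * True when the request carries a fresh timestamp and a valid HMAC-SHA256
 * signature over "timestamp\nmethod\nuri", keyed with the secret that is
 * embedded in the app. $server has the shape of $_SERVER.
 */
function is_request_from_app(array $server, string $secret, int $now): bool
{
    $timestamp = $server['HTTP_X_APP_TIMESTAMP'] ?? '';
    $signature = $server['HTTP_X_APP_SIGNATURE'] ?? '';
    if (!is_string($timestamp) || !is_string($signature) || !ctype_digit($timestamp)) {
        return false; // headers missing or malformed
    }
    // Reject stale or future-dated requests to limit replay of a captured one.
    if (abs($now - (int) $timestamp) > MAX_SKEW_SECONDS) {
        return false;
    }
    $method = (string) ($server['REQUEST_METHOD'] ?? '');
    $uri = (string) ($server['REQUEST_URI'] ?? '');
    $expected = hash_hmac('sha256', "$timestamp\n$method\n$uri", $secret);
    // hash_equals() compares in constant time, unlike == or ===.
    return hash_equals($expected, $signature);
}

// In a real page, before any output (secret read from the environment):
//   if (!is_request_from_app($_SERVER, (string) getenv('APP_SHARED_SECRET'), time())) {
//       http_response_code(403);
//       exit;
//   }

// Demo with constructed requests; run with `php thisfile.php`.
$demoSecret = 'constructed-demo-secret';
$now = 1512765000; // constructed clock value
$base = [
    'REQUEST_METHOD' => 'GET',
    'REQUEST_URI' => '/data.php',
    'HTTP_X_APP_TIMESTAMP' => (string) $now,
];
$signed = $base + ['HTTP_X_APP_SIGNATURE' => hash_hmac('sha256', "$now\nGET\n/data.php", $demoSecret)];
$userAgentOnly = $base + ['HTTP_USER_AGENT' => 'MyApp/1.0']; // custom User-Agent, no signature

var_dump(is_request_from_app($signed, $demoSecret, $now));         // signed and fresh
var_dump(is_request_from_app($userAgentOnly, $demoSecret, $now));  // User-Agent alone
var_dump(is_request_from_app($signed, $demoSecret, $now + 3600));  // same request an hour later
```

As with the client certificate, the secret ships inside the app and can be extracted by someone who has the APK, so this raises the cost of casual access rather than preventing it.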