0

If another company plans to load my website in their apps as my website is public, is there a way to detect requests originated from my app vs other apps in iOS, so that I can Identify a block the requests?

I have tried Setting custom "User-Agent" in request headers or other custom headers but that was mimicked by the other app.

Android has "X-requested-with header" that is in request headers by default with application ID, is there any similar header in iOS ? The header value can also be changed by other apps to match my app ID but for POST requests, requesting images the workarounds are slim.

Edit: As an example, If there are two iOS apps, Good and Evil, if they both load the same URL on WKWebview, How would you distinguish from the server side the difference and block or restrict Evil app.

Considering app ID is the unique ID, does WKWebview append it to request headers or part of the request that cannot be changed?

Ryan M
  • 18,333
  • 31
  • 67
  • 74
DroidDev
  • 789
  • 9
  • 19
  • 2
    Why in the world would you want to prevent your **public** website from being viewed? – DonMag Mar 23 '21 at 21:31
  • I do not want to serve requests coming from another app that is just using webview to load my website and screen scraping it – DroidDev Mar 23 '21 at 21:50
  • There is no way to have a web site both publicly available and secured; That is a contradiction. You can implement some form of authentication between your app and your website, even if it isn't user-based, say a HMAC. You could require the app to correctly respond to some form of random challenge and include the response in a header, but even that can be attacked. It does make it harder for the attacker though. – Paulw11 Mar 23 '21 at 23:26
  • You could look at [App Attestation](https://developer.apple.com/news/?id=2sngpulc) but it isn't trivial to set up. https://developer.apple.com/documentation/devicecheck/validating_apps_that_connect_to_your_server – Paulw11 Mar 24 '21 at 00:47
  • Why is this tagged [android]? – Ryan M Mar 24 '21 at 02:16

0 Answers0