What is the best way to create a mobile application that communicates with a Webserver?

4

I'm developing a mobile application that should contain the same site content, and the same database ( MySQL mobile application.

I believe that creating a direct connection from the mobile app to the remote database would be a security flaw, because anyone could open the APK and discover the connection data, so it would be necessary to create a webservice exclusively for this data transfer, but in my view this would also have the same defect: and send or receive information.

What is the best technique for transferring data between a webservice and a mobile application? This webservice needs to be "closed" to external and unauthenticated access.

    
asked by anonymous 01.12.2015 / 17:52

2 answers

2

From the moment you need to create a webservice / API for mobile client access, your webservice becomes public. And public webservices will always be subject to unauthorized access, since your application necessarily needs to contain the information required to access it.

However, techniques exist to make your access data less vulnerable. The most common is to use ProGuard to obfuscate your code in case of reverse engineering. Others are SSL, to prevent MITM and sniffers, and more advanced encryption like HMAC authentication.

But none of it is 100% hacking proof.

    
01.12.2015 / 18:16
1

HTTPS (Hypertext Transfer Protocol Secure) is an implementation of the HTTP protocol over an additional layer of security that uses the SSL / TLS protocol. This additional layer allows the data to be transmitted over an encrypted connection and the server and client to authenticate through digital certificates.

Source: Wikipedia

    
01.12.2015 / 20:22