I'm developing a mobile application that should contain the same site content, and the same database ( MySQL mobile application.
I believe that creating a direct connection from the mobile mobile to the remote database would be a security flaw because anyone could open apk and discover the connection data, so it would be necessary to create a Webservice exclusively for this data transfer, but also in my concept would have the same defect: and send or receive information.
What is the best technique for transferring data between a Webservice and a mobile application and this webservice needs to be "closed" external and unauthenticated.