I need to develop an API that will receive the data of a user in JSON via `$_GET` with PHP, which will do the verification of the data and return a true or false value for the Android application.
I am currently using AES encryption to send the JSON via `$_GET`, where the API will use the key to decrypt and return the required data, but I believe it is not a very secure system, since any user could access the URL of the API directly from the browser (although they cannot use it because they do not have the key).
I'd like to know how I can improve this system in terms of security.
Note:
Currently, as my application needs to encrypt the data and send it to the API so that the inverse happens afterwards, I keep an encryption key in a variable inside the APK, which is not really safe because the application can be decompiled, and with the source code available anyone will have access to the API key.
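The flow described in the question, written out as an added example that is not the asker's code: the Android side encrypts a JSON body with AES, passes it to a PHP endpoint as one `$_GET` parameter, and the endpoint decrypts it and answers `{"ok":true}` or `{"ok":false}`. The example uses AES-256-GCM (via PHP's `openssl_encrypt`/`openssl_decrypt`) so that a wrong key or a modified ciphertext fails decryption instead of yielding garbage, and it checks the decoded credentials against a constructed user table with `password_verify`. The parameter name `payload`, the user table, and the key (which the question keeps inside the APK, the weakness the asker already points out) are all placeholders for the demo.

```php
<?php
// Added example, not the asker's code. Demonstrates the question's design:
// JSON encrypted with AES, sent via $_GET, decrypted and verified in PHP.
declare(strict_types=1);

const CIPHER = 'aes-256-gcm';   // authenticated mode: tampering is detected
const IV_LEN = 12;
const TAG_LEN = 16;

// What the Android app would do: encrypt the JSON and URL-safe base64 it.
function encryptPayload(array $data, string $key): string
{
    $iv = random_bytes(IV_LEN);
    $tag = '';
    $json = json_encode($data, JSON_THROW_ON_ERROR);
    $ct = openssl_encrypt($json, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    // iv || tag || ciphertext, URL-safe so it survives a query string
    return rtrim(strtr(base64_encode($iv . $tag . $ct), '+/', '-_'), '=');
}

// Server side: decode, authenticate and decrypt; null means "reject".
function decryptPayload(string $token, string $key): ?array
{
    $raw = base64_decode(strtr($token, '-_', '+/'), true);
    if ($raw === false || strlen($raw) < IV_LEN + TAG_LEN) {
        return null;
    }
    $iv  = substr($raw, 0, IV_LEN);
    $tag = substr($raw, IV_LEN, TAG_LEN);
    $ct  = substr($raw, IV_LEN + TAG_LEN);
    $plain = openssl_decrypt($ct, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($plain === false) {
        return null;   // wrong key or modified ciphertext: GCM tag check failed
    }
    $data = json_decode($plain, true);
    return is_array($data) ? $data : null;
}

// The "verification of the data" from the question, against a user table
// of password hashes (constructed placeholder data).
function verifyUser(array $data, array $users): bool
{
    if (!isset($data['user'], $data['password'])
        || !is_string($data['user']) || !is_string($data['password'])) {
        return false;
    }
    $hash = $users[$data['user']] ?? null;
    return $hash !== null && password_verify($data['password'], $hash);
}

// Endpoint logic: takes the $_GET array and returns the JSON response body.
function handleRequest(array $get, string $key, array $users): string
{
    $token = $get['payload'] ?? '';   // 'payload' is an assumed parameter name
    $data = is_string($token) ? decryptPayload($token, $key) : null;
    $ok = $data !== null && verifyUser($data, $users);
    if (PHP_SAPI !== 'cli') {
        header('Content-Type: application/json');
    }
    return json_encode(['ok' => $ok], JSON_THROW_ON_ERROR);
}

// Flip one ciphertext byte to simulate a modified request.
function tamper(string $token): string
{
    $raw = base64_decode(strtr($token, '-_', '+/'), true);
    $i = IV_LEN + TAG_LEN;                       // first ciphertext byte
    $raw[$i] = chr(ord($raw[$i]) ^ 0x01);
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

// Demo with constructed values. In the question's design this key is the
// value embedded in the APK; here it is generated for the run.
$key   = random_bytes(32);
$users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];

$good = ['payload' => encryptPayload(['user' => 'alice', 'password' => 'correct horse'], $key)];
echo handleRequest($good, $key, $users), PHP_EOL;                      // valid credentials
echo handleRequest(['payload' => tamper($good['payload'])], $key, $users), PHP_EOL; // modified ciphertext
echo handleRequest($good, random_bytes(32), $users), PHP_EOL;          // caller without the key
echo handleRequest(['payload' => encryptPayload(['user' => 'alice', 'password' => 'wrong'], $key)], $key, $users), PHP_EOL;
```

Run it with `php example.php` (PHP 7.1 or later for GCM support). Only the first request answers `{"ok":true}`; the modified ciphertext and the wrong-key request are rejected at the GCM tag check before any JSON is parsed, and the wrong password fails at `password_verify`. The example does not change what the question describes: whoever holds the key that ships in the APK can still produce valid requests, which is exactly the limitation the note at the end raises.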