All geek questions in one place

Prevent "fake client" for ios application

We have an android and ios application that sends data and commands to the server using http webservice. How can I prevent the possibility that fake clients can also send something to the server? How can I identify servers if the data / command really comes from our applications.

+4
source share
4 answers

You cannot prevent it. There are several methods that make it difficult for you to use your services.

A simple check may be to check the user agent calling your web service. Another fairly common is to use simple authentication using user / password authentication on your web server. A username and password will be added to your application.

If you have enough time, you should consider using a combination of these two methods plus authentication with an integrated ssl certificate. You can simply add this to your project, and if someone really wants to abuse your service, they should extract this certificate from at least your application.

There are other useful methods, but you cannot prevent reverse engineering or network sniffing.

Regards, fuxx

+9
source

The most reliable solution is not to try. Methods like DasFuxx's answer can make it a little more complicated, but someone can always decompile your application and get all the secrets you put into it.

Instead, follow the rule for developing a multiplayer game:

Do not trust the client.

Do not think of your application as a user interface. Think of your network protocol / API as a user interface; then design this interface so that it cannot be abused.

You may not be able to do this completely, but as you succeed, you have real security (rather than fighting the same losing battle as DRM systems).

+3
source

I would do oAuth. See the following link for more information on how to implement such a solution.

+2
source

You can not. It's simple...

+1
source

Source: https://habr.com/ru/post/1395013/

More articles:


All Articles