I'm currently fairly new to Java and developing Android apps, and I rely on Google to find out the most about what I did for my first app. I am currently using the Google App Engine for my application using Eclipse. I can write a backend API and create endpoints for my application. My application can receive the right calls and retrieve information from my data warehouse. However, I am a little confused about how the backend works at the scene location, and I'm a little worried about the security of my data warehouse.
My questions:
1) Who will be able to access my endpoints? So far I have checked the Google API Explorer and do not see any methods for my endpoints. Can someone decompile my APK, find my application id and create an application that can call my endpoint methods? I understand that I can protect it using client identifiers, etc., but if someone could fake it, would they gain access to my endpoint methods?
2) Is my backend protected? Can anyone read my backend code? My assumption is that the code that I write in Eclipse and deploy to Google will run on the server, and the application code contains only its calls. (This may seem like a silly question, but I did a lot of research and still can't find the answer.)
-Edit- I did more reading, and I believe that someone can download and read the code only if they have administrator access to the application administrator. As for the backend for my application, this is just an extended servlet. Someone can only access these methods if their client ID matches the ones I installed. Correct me if I am wrong.
3) Is the only access to my data warehouse based on what I wrote for the backend? So, for example, I have a function called getUser() that gets user information from a data store. Will the person who has access to my backend only be able to use the getUser() method and cannot manually call datastore.get(userKey) (if this person was somehow able to get the key)?