Secure Web-service URL in Android

This is a serious problem that everyone faces: how do you secure a web-service URL if someone decompiles the application?

Nowadays there are lots of tools that decompile an APK file and produce approximate Java code. That code contains our web-service URL, so the person now has the URL and can learn important things that we don't want to disclose.

Even ProGuard does not help: it does not convert string resources into any secure form.

So I researched this and have one idea that will help to secure our web services. You will need only a single URL, called the setup-url, which will set up everything you want. I have divided it into steps.

Step 1: Explicitly create a SQLite database, insert your setup-url into any table, and store the database in the asset folder.

Step 2: At execution time, store it in your data/data/your package/databases location.

Step 3: From your Java class file, select the URL from the table.

Step 4: When calling this web service, pass one POST parameter, Token, with the request. The web service first checks whether the call is valid (that is, whether it comes from the application). If yes, the application receives the URL as the response and stores it locally. If not, the service asks for the token or redirects to the forbidden page.
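An added example, not code from the original post: the server-side check from Step 4, written as a small Python WSGI endpoint that can be exercised in-process. The token value, the returned URL, the size limit, the names `setup_app` and `call`, and the use of HTTP 403 for the "forbidden" case are all assumptions.

```python
import hmac
import io
from urllib.parse import parse_qs

# Constructed sample values (assumptions, not from the post).
# Note: a token shipped inside the APK can be recovered by decompiling it,
# the same way as the URL, so it identifies the app build, not a user.
EXPECTED_TOKEN = "example-token-constructed"
SERVICE_URL = "https://api.example.invalid/v1/"
MAX_BODY = 4096  # refuse oversized form bodies


def setup_app(environ, start_response):
    """WSGI endpoint for the setup-url: returns the real URL only for a valid Token."""
    def reply(status, body):
        start_response(status, [("Content-Type", "text/plain; charset=utf-8"),
                                ("Content-Length", str(len(body)))])
        return [body]

    if environ.get("REQUEST_METHOD") != "POST":
        return reply("405 Method Not Allowed", b"POST required")
    try:
        length = int(environ.get("CONTENT_LENGTH") or 0)
    except ValueError:
        length = 0
    if length > MAX_BODY:
        return reply("413 Payload Too Large", b"too large")

    form = parse_qs(environ["wsgi.input"].read(length).decode("utf-8", "replace"))
    token = form.get("Token", [""])[0]

    # Constant-time comparison so response timing does not leak the token.
    if not hmac.compare_digest(token.encode(), EXPECTED_TOKEN.encode()):
        return reply("403 Forbidden", b"forbidden")
    return reply("200 OK", SERVICE_URL.encode())


def call(method, body=b""):
    """Drive the app with a constructed request; returns (status, body)."""
    seen = {}
    environ = {"REQUEST_METHOD": method, "CONTENT_LENGTH": str(len(body)),
               "wsgi.input": io.BytesIO(body)}
    chunks = setup_app(environ, lambda status, headers: seen.update(status=status))
    return seen["status"], b"".join(chunks)


if __name__ == "__main__":
    print(call("POST", b"Token=example-token-constructed"))
    print(call("POST", b"Token=wrong"))
```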

I hope it will help with security.

I will soon upload the APK file and the sample code.

All suggestions are welcome.

THANK YOU FOR READING


5 thoughts on “Secure Web-service Url in Android”

  1. In Step 1, you said to save the web service URL in a SQLite DB and save this database into the asset folder? If I am a hacker, I will decode this APK file and get everything within the asset folder, and of course get that database @@. How is that safe?
