i am developing an android app. it's using php rest api for database process. what is best way make it secure.
i can send and recieve datas from android studio but this means anyothers can
readed about googleauthutil (year 2022 and i don't know its still valid process)
if java codes in android studio could be hidden i wouldt set a key like '054ss6yTTYd545d' server side and app side, and wouldn't need to ask this question
thank you
CodePudding user response:
1-Encrypt data and generate always same encryption key on run time with your app package name. decrypt data in API(server side) with same key.
2- store your private key in gradle and use it to encrypt data
3- use access token on all APIs calls after login(token must be provided from server on every login (manage session time of token))
4- use Authorizations
5- Take your base URL in Gradle file