encryption - How to get unique key from android application dynamically that only my app knows about ? -

-

i have gone through similar questions on stackoverflow , other sites not find satisfactory answer.so asking new question detailed requirements.

we building android application , need communicate application server.

there handshake between application server , android app identify android application valid source , 1 server generated unique device key or auth key.this auth key stored on application.

now generate auth key server idea take predefined or mutually agreed string "hello world" , encrypt strong symmetric encryption algo using key "key1".then server decrypt using same algo , same key.when server decrypts if gets "hello world" knows source infact android app.

now next steps server generates auth key , encrypts same symmetric key algo , sends android app.android application decrypts , stores locally.

now not want hard code symmetric algo key "key1" on application side because can decompile apk , know algo , key write automated batch flood server requests(ofcourse server side check there check flooding,but want avoid on application side).

i have read following solutions web ;-

  1. use package name identify uniqueness of application.

  2. generate key hash of signing certificate.

but information known public.my idea use same unique string encryption key also.

if has encountered similar problem , kindly guide.or thinking in wrong direction , thing cannot implemented on app side ?

kindly share experiences.

you can't. key use going baked app. can trivially decompiled. why isn't cryptographically possible identify application. can authenticate user, such through password. because in case attacker can't @ secret without attacking user rather application.

see https://security.stackexchange.com/questions/826/how-can-i-securely-authenticate-the-client-application-sending-me-data


Comments

Post a Comment

Popular posts from this blog

python - No exponential form of the z-axis in matplotlib-3D-plots -

-
Image
i have similar problem described in how prevent numbers being changed exponential form in python matplotlib figure : i don't want (in special case) weird scientific formatting of axis. problem different have problem @ z -axis. 2-d plots can use ax.get_yaxis().get_major_formatter().set_useoffset(false) . , there no function ax.get_zaxis() what use format z -axis same way? edit: example: from mpl_toolkits.mplot3d import axes3d import numpy np import sys import matplotlib import matplotlib.pyplot pyplot def func(xi, ti): res = 10e3 + np.cos(ti) * np.sin(xi) return res if __name__ == '__main__': timespacing = 20 timestart = 0 timeend = 1 time = np.linspace(timestart, timeend, timespacing) widthspacing = 50 widthstart = 0 widthend = 3 width = np.linspace(widthstart, widthend, widthspacing) reslist = [] matplotlib.rcparams['legend.fontsize'] = 10 fig = pyplot.figure() ax = fig.gca(projection = '3d...
Read more

php - Best Light server (Linux + Web server + Database) for Raspberry Pi -

-
i install web server database on raspberry pi (little computer). computer has 1gb ram. i want know best combination: linux distribution , web server , dbms run local server multiple users minimal latency, use php on server. , best settings performance , not have bugs (memory usage, disable plugin, disable service, etc)? i thought light debian , lighttpd server , sqlite database. solution? i think lighttpd + sqlite great choice. linux distro, debian @ centos or tiny core linux , although i'm not sure of compatibility pi. obviously, can't go wrong raspbian if want use in production , more stable performance, few more pi's , set them in cluster .
Read more

c# - "Newtonsoft.Json.JsonSerializationException unable to find constructor to use for types" error when deserializing class -

-
i developing app in xamarin android. have splash screen serialize class , pass mainactivity using intent . when try deserialize in mainactivity error message : "serializationexception unable find constructor use types" serialization : void loaddata() { currency currency = new currency(this); intent = new intent(this, typeof(mainactivity)); intent.putextra("currency", newtonsoft.json.jsonconvert.serializeobject(currency)); startactivity(intent); } deserialization : cur = newtonsoft.json.jsonconvert.deserializeobject<currency> (intent.getstringextra("currency")); // error here class constructor : public currency(context context) { thiscontext = context; } i began experiencing problem after added parameter context context constructor. has caused this? how can solve it? possible serialize/deserialize class has parameters? you need have empty constructor in currency class in order deserialize it. ...
Read more