
I have created and published on Google Play an Android app that communicates with my server. I want to check that my server (Java Servlet) only accepts requests from this Android app, so that if someone clones my code and creates a new app, when it tries to communicate with the server, the requests are rejected.

Is there a way to do that? Perhaps with domain names, or signed apps,...? This is to prevent phishing attacks.

1 Answer


You can get your app's signing key and check it on your server, but someone can get this information. If you use HTTPS for your connection and use ProGuard, I think it's enough of a disincentive.

Hyperion
  • So with ProGuard no one can get the signing key of my APK using the technique of the second link? – Jul 04 '15 at 10:48
  • They can still get the signing key, but can't trace your connection because of HTTPS, and can't (easily) read your code by decompiling it because of ProGuard – Hyperion Jul 04 '15 at 10:54
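
The server-side check the answer describes, sketched as an added example (not code from the answer or from the asker's project). It assumes the app sends the SHA-256 of its signing certificate in a hypothetical `X-App-Cert-SHA256` header; the class name, header name and certificate bytes are constructed for illustration. The third case shows the limitation the answer points out: the fingerprint is readable from the public APK, so any client can send it.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;

public class SigningCertCheck {
    // Constructed stand-in bytes, not real DER-encoded certificates.
    static final byte[] RELEASE_CERT = "constructed-release-cert".getBytes(StandardCharsets.UTF_8);
    static final byte[] OTHER_CERT = "constructed-repackager-cert".getBytes(StandardCharsets.UTF_8);

    // Fingerprint of the release certificate, pinned in server configuration.
    static final String PINNED = sha256Hex(RELEASE_CERT);

    static String sha256Hex(byte[] data) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(data);
            StringBuilder sb = new StringBuilder();
            for (byte b : digest) sb.append(String.format("%02x", b));
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is required on every Java platform
        }
    }

    // A servlet filter would call this with the value of the (hypothetical)
    // X-App-Cert-SHA256 request header and reject the request on false.
    static boolean accept(String presented) {
        if (presented == null) return false;
        byte[] a = presented.trim().toLowerCase(Locale.ROOT).getBytes(StandardCharsets.US_ASCII);
        byte[] b = PINNED.getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(a, b); // comparison time does not depend on where bytes differ
    }

    public static void main(String[] args) {
        // Genuine app: reports the fingerprint of the certificate it was signed with.
        System.out.println("genuine app:        " + accept(sha256Hex(RELEASE_CERT)));
        // Clone re-signed with another key that honestly reports its own certificate.
        System.out.println("re-signed clone:    " + accept(sha256Hex(OTHER_CERT)));
        // Any client that sends the known fingerprint as a constant string.
        System.out.println("copied fingerprint: " + accept(PINNED));
        // Request without the header at all.
        System.out.println("missing header:     " + accept(null));
    }
}
```

The check rejects a re-signed clone that reports its own certificate, but it cannot distinguish the genuine app from a client that sends the copied value, which is why the answer treats it as a deterrent alongside HTTPS and ProGuard and not as authentication.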