Android Question A way to hide the url ?

tufanv · Jan 31, 2017

Hello

I am using httpjob to get some data from a xml feed. I want to hide the url of the feed inside the app so that if someone uses a network monitor or stg like that , they wont be able to see the link but i don't think it is possible , is it ?

Thanks

sorex · Jan 31, 2017

the only way to do it is with some middleware. you call you own server and the server pulls the data from the other site.

Erel · Jan 31, 2017

Make sure that the string itself is a process global string so it will be obfuscated.

If the url is a https url then only the host name will be revealed with a network sniffer.

tufanv · Feb 6, 2017

Erel said:
Make sure that the string itself is a process global string so it will be obfuscated.

If the url is a https url then only the host name will be revealed with a network sniffer.

Thanks Erel,

perfect for b4a and for b4i ? It is same for the https but what about the string URL ?

KMatle · Feb 6, 2017

tufanv said:
but what about the string URL

The URL can't be encrypted. Like Sorex said, you can only use a server between which calls the real server.

It's like sending a paper mail. You can encrypt the content but the address has to be written on the envelope.

tufanv · Feb 7, 2017

KMatle said:
The URL can't be encrypted. Like Sorex said, you can only use a server between which calls the real server.

It's like sending a paper mail. You can encrypt the content but the address has to be written on the envelope.

Am I understanding wrong or Erel says different ? If the string is obfuscated and netwrok cant be sniffed ( ony hostname no problem but i use an api key while getting a data )

udg · Feb 7, 2017

Obfuscation keeps your string URL "safe" from reverse-engineering your code, while https protocol protects communications between your app (obfuscated or not) and the intended server.
As an extra protection layer, you could direct your app to a server which in turn calls the intended one, so that sniffing communications between your app and the first server will lead to discover that "false" server and not the final one.
If you choose the latter setup, you could embed your secret API key on the middle server so that your app will have no notion of it. In that case the middle server will receive commands from your app and properly format them for the final server (returning responses back to originating app).

Android Question A way to hide the url ?

tufanv

Expert

sorex

Expert

Erel

B4X founder

tufanv

Expert

KMatle

Expert

tufanv

Expert

udg

Expert

Similar Threads