Android Question Prevent hack url

Blue.Sky

Hi,
I'm using a URL for payment in my app.
You know, a hacker can decompile the app and change the address to his own URL.
How can I prevent it from being changed?
 

Blue.Sky

How is the payment implemented?

I suppose you only need code server-side (PHP scripts, for example).
Yes, your supposition is right.
Assume I have a link (www.example.com/payment) in the app.
Now when I click the button, the webview is redirected to the link above.
Now if anybody changes the link above to another link, it is hacked.
 

techknight

Two things here.

1. If you're worried about the hacker cracking the app so it'll run as the full version by simply changing the payment URL: well, that's not likely to happen, because the hacker would have to analyze the code to figure out which parts need to be set or executed to allow the app to run in full version mode. And by the time he figures that out, he wouldn't need to change or even use the URL anymore. It would be pointless. Then the hacking techniques get published to an app called Lucky Patcher, if it's worth patching for someone. Also, the Google authentication/licensing/payment libraries most people use in their apps are hacked badly. I mean so hacked to the point that Lucky Patcher can generate "licenses" for most apps that use them. Don't use them unless you're forced to! Also, when people use ads on the free versions of the apps, they use, again, public ad libraries and servers. Again, hacked and patched!

2. If you're worried about hackers changing the URL to phish/steal CC information from consumers: again, they would need to figure out how the app works and what types of input/output it expects so they don't "break" it with the phishing. But, again, if your app is published in the Google Play store, the hacker cannot change and reupload the app with your signature or your account. Where are they going to publish a hacked app that a consumer could trust? So unless the consumer/user is a bumbling idiot and downloads the app from an untrusted 3rd party, it's likely not going to happen in the traditional manner. Another thing you can do is implement SSL using your own keys. So unless the hacker has the private key, any URL/server change will break the SSL trust chain, unless he's good enough to decompile the app and change the properties for the SSL.
 

Informatix

unless he's good enough to decompile the app and change the properties for the SSL.
A hacker, even a newbie, should be able to do that. Changing something in a compiled APK is very easy and there are many sites on the internet explaining how to do it. Decompiling to Java is not even required... I explain the techniques really used by hackers in my guides.

I agree that people who download a copy on a dubious internet site and use it to send private info are naive, but that happens every day unfortunately. Here's an example: http://www.welivesecurity.com/2014/04/22/facebook-android-bank/
 
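The "SSL using your own keys" suggestion from techknight's reply, written as an Android Network Security Config pin set. This is an added example, not code posted by anyone in the thread. Assumptions: the payment page is served over HTTPS from the thread's example host, the app targets Android 7.0 (API 24) or later, and the pin values and expiration date are constructed placeholders.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- res/xml/network_security_config.xml (added example).
     Enabled from AndroidManifest.xml with:
       <application android:networkSecurityConfig="@xml/network_security_config" ...> -->
<network-security-config>

    <!-- Refuse plain HTTP for every host the app talks to. -->
    <base-config cleartextTrafficPermitted="false" />

    <domain-config>
        <!-- Host taken from the example link in the thread. -->
        <domain includeSubdomains="true">example.com</domain>

        <!-- Each pin is the base64-encoded SHA-256 hash of a certificate's
             SubjectPublicKeyInfo. A TLS connection to the domain is accepted
             only if one certificate in the server's chain matches a pin.
             expiration (placeholder date): after it, pinning is no longer
             enforced, so an app that was never updated does not lose
             connectivity when the keys are rotated. -->
        <pin-set expiration="2099-01-01">
            <!-- Placeholder: pin of the key currently used by the payment server. -->
            <pin digest="SHA-256">REPLACE_WITH_BASE64_SHA256_OF_SERVER_SPKI=</pin>
            <!-- Placeholder: pin of a backup key kept offline, so the server
                 key can be replaced without shipping a new APK first. -->
            <pin digest="SHA-256">REPLACE_WITH_BASE64_SHA256_OF_BACKUP_SPKI=</pin>
        </pin-set>
    </domain-config>

</network-security-config>
```

The pins ship inside the APK, so they protect the connection made by the unmodified app signed with your key. A repackaged APK can carry a different file, which is the limit pointed out in the last reply.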