user3534805 user3534805 - 1 month ago 10
Android Question

How to verify https requests coming from anroid app on server side?

I have two apps. First app is the node js server with outh2 authentication. Second is the android app, whit send http requests to the server. How to verify http requests coming from anroid app on server side? Let's say developer uploads apk fingerprint of apk cert to the server and sign each http request. Using fingerprint of apk cert, uploaded to the server and later request verification?

Answer

Typical HTTPS allows a client to verify that it's talking to the server it expects. You want that, but also to have the server verify that it's talking to a well known client. This is known as mutual authentication.

Implementing this is beyond the scope of what I could describe here, but if you google the topic it will get you started. As is the case with all security mechanisms, don't roll your own. You will almost certainly make mistakes that have already been made and resolved by others.

Comments