Security for android app
Quote from asmat on July 9, 2019, 9:48 pmIs any way to encrypt the source code of android app?
I made an application two days ago, now i know someone have decoded my application and have extracted some information from source code of my application.
my application contain a submit form. i think this guy get the address of "action form" and property-name of each inputs.
and then made a sample form with the same address. and submit to my database wrong data with a loop.
how can i avoid from above risk?
Is any way to encrypt the source code of android app?
I made an application two days ago, now i know someone have decoded my application and have extracted some information from source code of my application.
my application contain a submit form. i think this guy get the address of "action form" and property-name of each inputs.
and then made a sample form with the same address. and submit to my database wrong data with a loop.
how can i avoid from above risk?
Quote from luishp on July 10, 2019, 7:24 amHi @asmat, this is a very common problem on web sites and apps.
There is not a client side solution as it can be easily decoded.
Possible solutions:
- Using a server side captcha.
- Server side data validation.
- Only registered users can post.
Some usuful links regarding captcha generation in PHP:
https://www.allphptricks.com/create-a-simple-captcha-script-using-php/
https://codingcyber.org/simple-captcha-script-php-5765/
https://github.com/yasirmturk/simple-php-captchaAre you using neoPHP plugin on server side or your own script?
I'm thinking about adding a captcha system in neoPHP plugin.Regards.
Hi @asmat, this is a very common problem on web sites and apps.
There is not a client side solution as it can be easily decoded.
Possible solutions:
- Using a server side captcha.
- Server side data validation.
- Only registered users can post.
Some usuful links regarding captcha generation in PHP:
https://www.allphptricks.com/create-a-simple-captcha-script-using-php/
https://codingcyber.org/simple-captcha-script-php-5765/
https://github.com/yasirmturk/simple-php-captcha
Are you using neoPHP plugin on server side or your own script?
I'm thinking about adding a captcha system in neoPHP plugin.
Regards.
Quote from asmat on July 10, 2019, 4:21 pmThanks for your information.
unfortunately, I have used a google spreadsheet as database for this application.
Thanks for your information.
unfortunately, I have used a google spreadsheet as database for this application.
Quote from Gaev on July 10, 2019, 5:45 pm@asmat
unfortunately, I have used a google spreadsheet as database for this application.
Is your App accessing the long obfuscated url (like https://docs.google.com/spreadsheets/d/1_N28EMmecM7P9jMP3smUTqEeZpkxhblahblahblah ) to directly access the information in the sheet ?
Goggle has its Apps Script facility (https://www.google.com/script/start/) that allows you to ...
a) serve get/post requests from a client App
b) access information in your Google SheetsThese scripts have to be coded in Javascript; because they are resident on Google's servers, hackers can not examine them.
You can use these scripts to challenge/thwart any malicious attempts to corrupt your data.
Like @luishp said, you have to have "registered users" to ensure against these hackers.
unfortunately, I have used a google spreadsheet as database for this application.
Is your App accessing the long obfuscated url (like https://docs.google.com/spreadsheets/d/1_N28EMmecM7P9jMP3smUTqEeZpkxhblahblahblah ) to directly access the information in the sheet ?
Goggle has its Apps Script facility (https://www.google.com/script/start/) that allows you to ...
a) serve get/post requests from a client App
b) access information in your Google Sheets
These scripts have to be coded in Javascript; because they are resident on Google's servers, hackers can not examine them.
You can use these scripts to challenge/thwart any malicious attempts to corrupt your data.
Like @luishp said, you have to have "registered users" to ensure against these hackers.
Quote from luishp on July 10, 2019, 6:04 pm@asmat, I'm afraid using Google SpreadSheeets as a database solution is a bad security choice.
It could be fine for READ access, using your Google account as a backend for updating the data yourself, but as soon as you grant WRITE access to anyone, you are exposed to be hacked quite easily.
Sorry.
@asmat, I'm afraid using Google SpreadSheeets as a database solution is a bad security choice.
It could be fine for READ access, using your Google account as a backend for updating the data yourself, but as soon as you grant WRITE access to anyone, you are exposed to be hacked quite easily.
Sorry.