1

I am doing an HTTP Post from Android like:

HttpPost httppost = new HttpPost("example.com/ex.php");

PHP receives the request does what it is supposed to and sends the response back to Android.

When I decrypt the APK I show the URL (example.com/ex.php) I want to encrypt this URL. I used Pro-Guard but not give me any benefit still I can see the URL.

Is there any way to encrypt this URL or there is a way to make certification on server side?

Improve this question
3
  • 2
    Huh? By the time the Android app. goes to use the URL it must be decrypted, right? If so, an hacker might download the app. to a desktop computer, run it in an emulator, and use one of many tools to see what URL is being visited. Seems pretty pointless.. Commented Jan 1, 2014 at 17:39
  • Just to clarify, you want to encrypt the URL as it lives in your object code, in order to prevent reverse engineers form discovering it. Commented Jan 1, 2014 at 17:39
  • yah but whate is the best way to do post with encryption Commented Jan 1, 2014 at 17:40

2 Answers 2

Reset to default
1

Never put sensitive data in the URL of your request. Use SSL and store the sensitive information in headers or in the content.

Reasoning is:

If you encrypt the URL on the device, where would you store the encryption key? You are back to the same problem.

Even if you securely stored the URL or got it from somewhere externally, anyone on your network can see your network traffic plain as day.

That's what SSL is for - it will handle this better than we can.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

do you have any example how can I use ssl in server side (domain)?
Since you are using php here is a starting point php.net/manual/en/mysqli.ssl-set.php
Does DexGuard enough to avoid reverse engineering to show string in apk?
You can't do it. Read my answer again. The best you could hope for us to prevent casual reverse engineering by a novice. But don't fool yourself, nothing is foolproof.
0

Obfuscation (Proguard) will not help. You need to "encrypt" or hide it yourself.

This is similar to the question asked here:

hiding strings in Obfuscated code

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.