Check if HTTP request comes from my Android app

你的背包 2020-12-03 11:13

I retrieve data from an external server for use with my Android application. I would like this data to be only accessible with my app. I use a standard HTTP connection to ge

5 answers
  •  鱼传尺愫
    2020-12-03 11:55

    Android requires that one should sign their app (signing authority or self-signed) before it can be installed. We can utilize this to check whether requests are coming from your app or not.

    1. Sign your app with your certificate.
    2. Find the certificate's signature and save it in your backend server.
    3. For every request, expect this signature to be sent by the app.
    4. Validate the signature sent by the app at server level and accept only if they match.

    Even in the case where someone tampers with your app, he has to sign it again before it can be installed, which would change the app's signature, and our validation mechanism would simply reject all such requests.

    This answer is based on this blog. Use HTTPS for app<->server communication.
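
The server side of steps 2 to 4 in the answer above, as an added example that is not part of the original answer or the blog it cites. It assumes the "signature" is stored as the SHA-256 fingerprint of the signing certificate and arrives in a hypothetical `X-App-Cert-SHA256` header; the certificate bytes are constructed placeholders.

```python
import hashlib
import hmac
import re

HEADER = "x-app-cert-sha256"  # hypothetical header name, not from the answer

# Constructed stand-ins for DER-encoded signing certificates (not real certs).
RELEASE_CERT_DER = b"constructed-release-signing-certificate"
RESIGNED_CERT_DER = b"constructed-certificate-of-a-repackaged-build"


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 of the certificate bytes, as lowercase hex (step 2)."""
    return hashlib.sha256(cert_der).hexdigest()


def normalize(value: str) -> str:
    """Accept 'AB:CD:..' (colon-separated, upper case) as well as plain hex."""
    return value.strip().replace(":", "").lower()


class SignatureGate:
    def __init__(self, allowed_fingerprints):
        # Several entries allow a key rotation window (assumption of this example).
        self.allowed = [normalize(f) for f in allowed_fingerprints]

    def accepts(self, headers: dict) -> bool:
        # HTTP header names are case-insensitive.
        lowered = {k.lower(): v for k, v in headers.items()}
        sent = normalize(lowered.get(HEADER, ""))
        if not re.fullmatch(r"[0-9a-f]{64}", sent):
            return False  # missing or malformed header (step 3)
        # Compare against every stored value in constant time (step 4).
        ok = False
        for stored in self.allowed:
            ok |= hmac.compare_digest(sent, stored)
        return ok


def demo():
    gate = SignatureGate([fingerprint(RELEASE_CERT_DER)])
    genuine = {"X-App-Cert-SHA256": fingerprint(RELEASE_CERT_DER)}
    resigned = {"X-App-Cert-SHA256": fingerprint(RESIGNED_CERT_DER)}
    return gate.accepts(genuine), gate.accepts(resigned), gate.accepts({})


if __name__ == "__main__":
    print(demo())
```

The certificate ships inside every APK, so its fingerprint is public rather than secret; treat this check as one filter alongside server-side authentication, not as proof of the client's identity.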
