Check if http request comes from my android app

Question

I retrieve data from an external server for use with my android application. I would like this data to be only accessible with my app. I use a standard http connection to ge

Answer 1

One of basic rules of security is: you don't trust client data. Ever.

You should consider your app decompiled, all "secret" keys known to attacker, etc.

You can, however, hinder attacker's attempts to forge your requests. Sending (and verifying) checksum of your request is one of methods (your idea of MD5(secret_key + params)).

You could also switch to a binary encrypted protocol. But this requires MUCH more work and quite a different architecture of server.