How To Secure Web Service Without Login

终归单人心 2020-12-22 18:13

I have a mobile app (currently iOS and soon Android) which talks to a web service. There is no login and the data is not private. Basically, the app POSTs a marker (lon, lat

8 answers
  •  清酒与你
    2020-12-22 18:50

    Here is another "solution":

    • don't waste time on this issue.

    because:

    • you don't expose a public interface to the world, so you are free to change your webservice interface at any time via an update of the webservice and an update to your app.
    • the app is "very trivial" (as you called it) and probably isn't used much at the moment
    • you probably have better things to do right now and are just consuming time

    if there are suspicious performance or query spikes go for the least time consuming solution:

    • introduce a password (clientid) saved in your app (blocks 95% of these users); this clientid can later be used to identify different clients if other programmers want to legally access your service
    • introduce rate limiting (as mentioned above)

    this will in 99,99% solve your problems and you can get to work right now and write awesome new features.
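
The two measures suggested in the answer above (a client id stored in the app, plus rate limiting), as an added example that is not part of the original answer. The client id value, the limits and the names `MarkerGate` and `TokenBucket` are assumptions made for illustration.

```python
import hmac
import time

# Assumed values: a constructed client id and hypothetical limits.
KNOWN_CLIENT_IDS = {"ios-app-v1-3f9c"}
RATE = 1.0   # tokens refilled per second
BURST = 5    # requests allowed back to back


class TokenBucket:
    def __init__(self, rate, burst, now):
        self.rate, self.burst = rate, burst
        self.tokens, self.stamp = float(burst), now

    def allow(self, now):
        # Refill for the elapsed time, never above the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.stamp) * self.rate)
        self.stamp = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class MarkerGate:
    """Decides whether a POSTed marker (lon, lat) is accepted."""

    def __init__(self, client_ids=KNOWN_CLIENT_IDS, rate=RATE, burst=BURST):
        self.client_ids, self.rate, self.burst = client_ids, rate, burst
        self.buckets = {}  # a real service would also expire idle buckets

    def check(self, client_id, source_ip, lon, lat, now=None):
        now = time.monotonic() if now is None else now
        # Constant-time comparison against every known client id.
        if not any(hmac.compare_digest(client_id.encode(), k.encode())
                   for k in self.client_ids):
            return 403, "unknown client id"
        if not (-180.0 <= lon <= 180.0 and -90.0 <= lat <= 90.0):
            return 400, "coordinates out of range"
        # The id is identical in every install and can be read out of the
        # app, so the limit is keyed on the source address as well.
        key = (client_id, source_ip)
        bucket = self.buckets.setdefault(key, TokenBucket(self.rate, self.burst, now))
        if not bucket.allow(now):
            return 429, "rate limit exceeded"
        return 200, "accepted"
```

`check` returns an HTTP status and a reason, so it can sit in front of the POST handler of whichever web framework the service uses.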
