So I just did a bit digging and found out that storing any type of passwords in any java application (in my case, android application) is not safe as the password can be retrieved by anyone by decompiling the java code. Now, on net, I, somewhere, also learned that a better way to interact with any database (my case), such as mysql, would be to create a web interface which by some way can differentiate between anyone else interacting without my app and someone interacting with web interface through my app. So, can someone tell me how to do so or if there is any better way to accomplish what I want to?
for this you can check out firebase to interact with database and create your web application and mobile application based on that data . And there you can differentiate in them.
One way which you already know is to create a web service layer which accesses your database.
Another way would be to use a BaaS to have a direct web layer access to a backend. There are many available BaaS solutions which would help you with this.
Third and best way in my opinion for new coders would be to use an existing auth service like Firebase Auth. This will pretty much give you all the features out of the box eg... signup emails,password resets, multiple login methods and their Firebase Auth UI will give you login screens without almost any code. Check it out, it actually is pretty good if it suits your needs
Maybe chrome custom tabs are what you're looking for? They let you open an instance of chrome from within the app https://developer.chrome.com/multidevice/android/customtabs
Related
I need to create a Rails app which in the future will need to share the same database with a native app.
As I am still quite inexperienced I would like to understand which way is the best to have the 2 app share the same database, in this case I will use postgresql.
I'm thinking of using postgrest for it but I'm unsure if there are any better/ faster ways.
which way is the best to have the 2 app share the same database
The best way is to not share database at all. Mobile app does NOT talk to database directly. Instead, it should talk to an api server, which will provide needed data and perform appropriate checks (user credentials, etc.)
The API server may be implemented as part of the same rails app or a separate app.
Another way might be to expose a read replica for your database to the mobile which can access the data directly through it via the API calls.
There are lots of options, depending on what you are trying to achieve with the web app. You can look into BAAS's such as Firebase or similar products. However, if you are already using rails, you try the new Rails 5 API mode, where all your controllers and models are preformatted to serve JSON making it slightly easier to get your API up and running for your native app.
An API (to clarify your understanding based on your comments), is a layer that will deal with creating, updating, editing, and deleting things in your database. You will have to define it using your own code (or rails generators if your app is very simple). This layer is so you can insert business logic before the database operation is performed based on the request sent from your app.
I have a question that probably has a straight forward answer, but I am asking here to make sure.
If I want to develop an app with users (e.g. Snapchat, Wordfeud etc.), how do I do it? Do I have to use a database of some kind? The users will not have much information stored to them, say nothing more than a username and a score collection.
Can I do this without using databases?
And how do I even set up an app for having users?
You need a database.
For the simplest, you can set up a MySQL database on any server, and make queries to it.
You can follow this tutorial: http://codewithchris.com/iphone-app-connect-to-mysql-database/
You will need a database if you want to implement some functionalities like friendlist and sending messages.
To handle the authentication, Google has built in tools to help you :
https://developers.google.com/identity/sign-in/android/sign-in
I have already an location based app which functionality i want to expand:
A user can login to this App via Facebook and also other users are logged on their own Mobilephone. Both can see the location of the other.
So basically an location aware meet people APP :-)
How can I do this? Backend with PHP and mysql database?
Are there already existing solutions I can use?
Tutorials available describing this?!
the infrastructure you need is achievable in many many programming languages and many types of databases.
In the end what you need is a server running that can store the location data sent from the users. Ideally i would tell you to use webservices in order to achieve this.
Next, you will need to implement a location service app that works on the user smartphone and uses the web services to send information and get information to and from the server.
Programming languagens you can achieve this are so many. For example, in the back end you can use a mysql database with a tomcat server. if u need a front-end for the server you can use java server pages, php, whatever u feel more confortable with.
for the mobile phone there are hybrid application for different OSs. for android specifically you will use java. if u want to save some info in the phones you can use a SQLite database. this is important if you want to send data only when internet connections are available.
Those are the kind of things you have to deal with. Hope i helped you.
Good luck.
I want users to send textual feedback to myself(the developer) directly(without involving Google Play).
Hence, I can get the suggestions to improve my app directly to myself, instead of users writing negative reviews on Google Play.
I do not own a website nor have access to any server.
I do not want to use ACTION_SEND, as that opens an email app.
I'm an android beginner and this is my first app.
Maybe that data can be stored in a database(on cloud, common to all users) that I can access at any time I want?
After researching, I think GCM is supposed to be used, but I no idea how to go about it.
Please tell me the easiest way to implement this.
Thank You.
That is not what exactly what GCM is for. GCM is primarily for sending data from the cloud to the the devices.
You are correct in thinking that one option is to store the data in a database in the cloud. You could use http://pythonanywhere.com free account and build a web app that provides you endpoints which will save and retrieve data to a SQLite db pretty easily (if you have knowledge of python and server side web concepts).
Another perhaps simpler option is to use a pre-existing cloud database solution http://www.parse.com is a cloud backend that also has a free-to-use option that you can use to store arbitrary data. It is pretty easy to get up and running if you follow their many nice Android tutorials.
One last option I will present is to use a Google Spreadsheet with a Form associated to it. Once you create a form if you know the right url and parameters you can send a post request to insert arbitrary data into your spreadsheet. I've created a library that simplifies the process of uploading. GoogleFormUploader. If you need help getting your form set up you can watch the relevant portion of my video tutorial covering this topic
We have an android and ios app which sends data and commands to a server with http webservice. How can i prevent the possibility, that fake-clients also can send something to the server? How can I determine serversidely if the data/command really comes from our apps.
You cant really prevent it. There are several techniques to make it harder for people abusing your services.
A simple check can be to check the user agent calling your webservice. Another pretty common one is to use a simple authentication via user/password authentication on your webserver. The username and password will be embedded into your app.
If you have enough time you should think about using a combination of this two methods plus authentication with a embedded ssl certificate. You simply could add this to your project and if someone really want to abuse your service, he have to extract this certificate atleast form your application.
There are some other useful techniques but you cant prevent reverse engineering or network sniffing.
Sincerely,
fuxx
The most robust solution is not to try. Techniques like DasFuxx's answer suggests can make it faintly harder, but someone can always decompile your application and get whatever secrets you have embedded in it.
Instead, follow the rule of multiplayer game development:
Don't trust the client.
Don't think about your application as the user interface. Think about your network protocol/API as being the user interface; then design that interface so that it cannot be abused.
It may not be possible to do so completely, but insofar as you succeed, you have true security (rather than fighting the same losing battle as DRM systems).
I would implement oAuth. See the following link for more information on how to implement such a solution.
You can't. It's that simple...