I'm trying to send secure user data between iPhone and Android clients to a Google cloud endpoints backend. However, when I look at the network log, I can see the data unencrypted, despite the url of our app engine project being https. Is there anyway to securely send this data over a network, or do we have to encrypt it on the iphone and android and then decrypt it in our app engine project manually?
Is this log part of the development stack, or an independent program like Wireshark? If it's the former, I believe the client libraries log the unencrypted data to ease debugging. Something like Wireshark should just show an HTTPS stream, and not plaintext.
Related
I want to develop a system in which data is being shared between DESKTOP app and Android app.
After searching I have found that I need a server in between them. But I can't figure out what the server is? How do I create it? And how will it help me connect my two platform devices?
Desktop App will receive data from android app. And manage data. It will also be used to send notifications/messages to android apps.
Android App will be used to input data and send it to desktop app. It will receive updates/notifications from desktop app.
Now how do I connect these two? I basically need a common database for real-time data sharing and notifications.
Edit: I am building the desktop app using C# and android app using Java.
Edit2: Maybe I can host the database on CPANEL or 000webhost using PHP. And then connect it with both android and C#. Is this the correct way to do it? Is it possible to connect it with C#? I know it can be connected with Android, not sure about C#.
You don't necessarily need a database. You need a common network protocol between two applications.
All network communication is done via sockets. You need a library that allows you send data over sockets. For example, here's an Android guide that is about sockets.
A socket binds to a specific port of a computer, essentially making it a "server". Much like how web servers all expose port 80, and communicate over a protocol called HTTP. Which is important because it is up to you to decide what protocol your applications communicate between each other, because the socket just sends bytes - it doesn't care what you send or how, as long as it travels to a port on a particular server. It also won't parse the data for you, that's up to your application to handle. For example, how would your desktop app know the Android device sent it a text message, or some image to be displayed, or an address to show a map?
All in all, your reason for wanting a desktop application rather than a web application is not entirely clear. Parsing only the body of HTTP payloads from different HTTP paths that are mapped to different methods (which is typically referred to as a REST API) is much simpler than building your own protocol. You might as well build a desktop GUI over top of a web server.
Making the desktop app send updates back to your mobile application is basically impossible using a bi-directional socket architecture. Your Android should not be running an open server socket continuously just for your application, mostly because battery drain, but because its network address is subject to change frequently, and you therefore additionally need a registration server from which your device would reconnect to. Such a service exists as Firebase Cloud Messaging, which is a rebranding of the GCM technology made by Google, and it can be used to send push notifications to devices, but only with small data payloads.
See here about what activities occur on an Android device for notifications. How does push notification technology work on Android?
Back to the question about databases. Suggesting one to use is too broad. And you only need one of those if you want to store and/or query or join datasets. The same computer running the desktop app can install and run whatever flavor of database you prefer, whether it's a relational database or noSQL database, entirely up to you. The only realtime databases I know of are RethinkDB and Firebase.
You could also just hold a SQLite file which is as good as a small scale database (even the SQLite documentation recommends it for low traffic web sites).
Firebase supports web interface, so you can develop html code and integrate in desktop app, something like web integration in windows form application
I wish to have an overview on this scenario.
Please be layman term, I am slow learner.
Here is the scenario:
Android mobile apps connect to the cloud, then the cloud will return a website link for me. eg. http://www.example.com/123
Website link to be return can be control by admin on the cloud.
Mobile apps will only request the link from cloud.
The cloud there will only sending the link to the mobile apps when have request.
Problems:
What is cloud? what can be done on cloud?
How to connect the mobile apps to the cloud?
What need to be done on the cloud? host a server?
How the mobile apps connect to a website link? using uri will redirect me to the browser. i wish it can be just connected.
Thank you very much.. ^^
What is cloud?
In the simplest terms, cloud computing means storing and accessing data and programs over the Internet instead of your computer's hard drive. The cloud is just a metaphor for the Internet. In this case it refers to your server. Which you may need to purchase. (Server space + domain name[optional]).
What can be done on cloud?
Accept some requests from the client and return some data.
What need to be done on the cloud? Host a server?
The server has to be configured so that it can receive requests from the clients (mobile app). For this you need to install a Web server application like Apache, tomcat, ngnix, IIS, glassfish...etc (this depends on your server code). Also you need an application where you need to write the logic to handle the requests and return the response (In your case the website link). The application can be wriiten in PHP, Java, Python, javascript, .NET,..etc. The client communicates with this application.
How to connect the mobile apps to the cloud?
How the mobile apps connect to a website link? using uri will redirect me to the browser. I wish it can be just connected.
Basically (on Android) you make a simple URLConnection to the server from your code. Or you can use some libraries like Volley or Retrofit. Make sure your app has INTERNET permission. These are a million (more maybe) tutorials on the internet that can tell you how.
use free hosting or purchase hosting and try to learn about restFUL api..
try these tutorials
Android Volley Post Request Tutorial – User Registration App
Android Studio Volley Tutorial to Create a Login Application
I want to connect a Android client to WCF Webservice. There are several good guides describing how to do this but the https concept is really blurry for me. Here is what i want:
1) A selfhosted WebService communicating over https with an authenticated client.
The user database resides on a SQL Server.
The Service must be a "simple install" for any user to carry out.
The user will install the service on his/her PC and then download the client from google play configuring it using ipadress only.
Problem: it seems impossible to carry out this using WCF cause wshttp looks like having the need to install a certificate on the mashine.
A possible way forward would be generating a selfsigned cert during install but how can i then in a userfriendly manner get the cert to an android client?
2) A Android app published on Google Play which is able to communicate with the service. Data sent to the service will be both simple datatypes (string and integer data) but also large binaries 3-25Mb.
The user installing the service has no more the knowledge than his ip adress and must not be bothered with any certificate issues or other technical details. One option might be using message instead of transport security but my knowledge is very limited in this area.
Information passed between server and client is of personal caracter and may contain passwords including matching sites where passwords are used, personal info, calendar events etc. It will not contain money transfer orders, credit card numbers or account numbers.
The core functionallity of both server and client are more or less already implemented. I now need to secure communication between client and server.
Any recommendation for a good approach to develop this will be grately appreciated!
The way in which i want to deploy the server service to end users makes it hard to use WCF with ssl.
other options create other problems. i have now abandoned WCF for this specific project in favor to Good old socket programming using Bouncy Castle, SslSocket and a custom protocol. It may me overkill but gives me full control over both authentication certificate management and the data being sent.
Im using ssl with a selfsigned cert and override the cert validation method in android verifying all data in the cert manually except relolving the host name... enough for me since i use a pre shared key to encrypt and decrypt data.
Thanks for all help
I'm planning to develop an Android application with an app-engine backend.
However I would like to refrain from using authentication (either with Google accounts or Open ID). Since the data will be sent only from my app and not any other client, and will be over SSL connection, I consider the data safe and trusted.
So my question is two-fold:
Is there any security issue I'm missing here ?
All the examples I found use some sort of authentication. Is it at all possible to use the android appengine infrastructure (RequestFactory, etc) without authenitcation ?
An app engine application is just a regular web application deployed on app engine. If you need to authenticate your users, do so. If you don't need to, then don't.
You're missing something, though: once a web app is deployed on app engine, it's accessible from anywhere on the web, and so anyone (and not just your app) could send requests to this application, whether you use SSL or not. SSL will just make the communication encrypted, and ensure the client that they're talking to your web app, and not to a rogue web app maskerading as yours.
I want to send messages from an Android handset (and possibly from embedded devices) to the Cloud, and then from the Cloud to an Android app running on a Tablet.
Does anybody have ideas/suggestions for the architecture? Gotchas? Recommendations on what or which cloud services/providers are best? IOW, which Cloud services have both a good API and make it easy/cheap for the end user (MY end user, that is)?
Just replace overhyped word 'Cloud' to 'Server' and you will google tons of answers. I will give you one here: use simple rest over http, once you got this working you can move your app to any cloud you want (depending on the server technology you'll choose of course).
If you want to send messages between two devices all you need to do is have a server to centralize the communication. Server could be anything, but generally a webapp is best. Python, PHP, Ruby, Java. The Android application, on either phone or tablet, would send a message to the server over HTTP. The server would receive the message and store that to some persistence storage (DB, Cassandra, MongoDB, etc). In fact here is an article discussing just that:
http://www.rackspace.com/cloud/blog/2010/05/12/cassandra-by-example/
Then your other Android application would periodically poll for messages from the server by hitting a different URL. On polling the server it would look up in it's topic bucket had it received any messages since the last time it checked. If so the server would reply with the messages it has.
For deployment you can deploy this server to the cloud or regular old web hosting service. By cloud I mean a virtualized hosting server like Amazon EC2, Rackspace, Google App Engine, Slicehost, etc. There are plenty of them. But, you don't have to live in the cloud for this to work. You can just as easily deploy to a traditional web hosting service. Rackspace offers both virtual hosting, and non-virtual hosting with renting models for physical hardware.