Android applications security – part 2: client-server communication

Adrian Defus
Android Developer

Mobile applications commonly use resources containing sensitive data stored in a backend service. To obtain them, our application (the client) not only needs to query an endpoint, but also has to authenticate itself, so the server knows who specifically is requesting this information.

Android mobile applications, due to their specificity and ease of access to the source code, require an appropriate security approach both in the storage of any sensitive data in them, as well as in the case of communication with servers. An attacker can use innumerable ways to steal our sensitive data and use it in an undesirable way, potentially exposing us to huge losses. Only the proper protection of all foreseeable areas exposed to attacks, and a good knowledge of the vulnerabilities of our applications can help us create a product that ensures the high security and integrity of our data.

Check the whole article on Medium.

Or you can return to part one here.