Regardless of the programming language
I have a client server application.
mobile client - http server
The app will be available on several mobiles not only android.
I want to make sure the request is coming from client's mobile only.
How can I solve this security problem?
I propose :
Have a secret key hard-coded on the mobile app:
Each request is encrypted using this key and decrypted on the server side.
Is it safe to hardcode the key if this way makes sense at all? (decompilers can get the key? the app will be available not only for android!)
Extra info:
Each user will have a userid/username...
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 叼着烟拽天下 的文章《Client-Server security and authentication》','https://www.manongdao.com/article-684608.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}