Android开发方面的,安全的数据传输的最佳实践 [英] developing for android, secure data transfer best-practice
问题描述
我在寻找一个最佳实践从远程服务器到Android设备安全发送数据。这些数据需要从任何人嗅线的安全,我希望HTTPS来处理这么多。真正令人担忧的我已经是这样...
I'm searching for a best practice for securely sending data FROM a remote server TO an android device. This data needs to be secure from anyone sniffing the wire, and I expect HTTPS to handle this much. The real concern I have is this...
该数据将由应用程序被消耗掉,而真正的内容对用户隐藏。想想看,如果用户正在测试,以及应用程序下载了所有可能的答案(并知道哪一个是正确的)。显然,你不想让用户能够嗅出交通发现哪个答案是正确的,你也不希望用户能够逆向工程的应用程序,并找到用来解密的数据超级秘密解密密钥。
The data will be consumed by the app, but the real content hidden from the user. Think of it as if the user is taking a test, and the app has downloaded all the possible answers (and knows which one is correct). Obviously, you would not want the user to be able to sniff the traffic to discover which answer is correct, nor would you want the user to be able to reverse engineer the app and find the super-secret decryption key used to decipher the data.
这可能是一个不可能完成的任务,但那里确实锁定这类敏感数据的好方法呢?我知道这些天没有什么是安全的,甚至不是蓝光解密密钥。但也许有人可以点我在正确的方向。
This may be an impossible task, but are there any good methods for really locking down this kind of sensitive data? I know these days nothing is safe, not even the blu-ray decryption key. But maybe someone could point me in the right direction.
推荐答案
如果你没有设备的物理控制,那么你就不能让它100%的安全。平原和简单。
If you do not have physical control of a device, then you cannot make it 100% secure. Plain and simple.
HTTPS会帮助你与传输,但如果你是在本地机器(即使在温度/乱码格式)上保存数据,迟早有人会设法得到它。
HTTPS will help you with the transport, but if you are saving data on the local machine (even in temp / garbled format), sooner or later someone is going to try to get at it.
我建议你发送(下一个)问题和可能的答案给客户,然后选择的答案发送回服务器,并让服务器决定,如果它是对还是错。冲洗和重复,直到所有的问题都做了,然后显示出最后得分。
I suggest that you sending the (next) question and the possible answers to the client then send back the chosen answer to the server and let the server decide if it is right or wrong. Rinse and repeat until all questions are done and then show final score.
这篇关于Android开发方面的,安全的数据传输的最佳实践的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
