如何隐藏/加密/混淆在我的Android应用程序中使用直接的网址? [英] How to hide/encrypt/confuse direct URLs used in my Android application?
问题描述
是 - 我已经开发了应用程序将HTTP根据不同的用户输入访问我的Web服务器一个Android应用程序的事情。我的问题是 - 反正是有藏在我的应用程序的硬codeD的网址是否有人逆向工程这个code会被混淆?
The thing is- I've developed a Android application where the application will HTTP access my web server based on different user input. My question is- is there anyway to hide the hard coded URLs in my application that if anybody reverse engineer this code will be confused?
问题,如果有人逆向工程code,他/她可以使问题我的其他客户为URL是 - ,参数是很难codeD。
The problem is- if anybody reverse engineer the code he/she can make problem to my other customer as URL, parameter is hard coded.
及其对我真的很迫切。寻找您对这个问题的热心帮助。
Its really urgent for my. Seeking your kind help regarding this subject.
感谢。
推荐答案
在你的应用程序完美不解的字符串资源(如URL)是的根本不可能的。的任何人都可以反编译你的应用程序,并给予足够的时间就可以在你的应用程序重建任何硬codeD字符串(URL)的
Perfectly obfuscating string resources (such as URLs) in your app is simply not possible. Anyone can decompile your app and given enough time will be able to reconstruct any hard coded strings (URLS) in your app.
而不是依靠你的URL的不愿透露姓名的,你应该把你的时间,以保护您的服务器,使得未经授权的用户将很难与它交互。即使你有完美的字符串混淆保护服务器仍然是至关重要的。有很多方法来发现隐藏的网址,众说纷纭。例如这将是微不足道的,我在中间人攻击人>看我的手机连接到哪些服务器。另外一个简单的WebCrawler也许能够做得一样好。
Instead of relying on the anonymity of your URLS you should devote your time to securing your server such that un-authorized clients will have difficulty interacting with it. Even if you had perfect string obfuscation securing your server would still be vital. There are a multitude of ways to discover the hidden urls. For example it would be trivial for me to engineer a man in the middle attack to see what servers my phone is connecting to. Also a simple webcrawler might be able to do it as well.
这篇关于如何隐藏/加密/混淆在我的Android应用程序中使用直接的网址?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
