Skip to content Skip to sidebar Skip to footer
Home / Android / Google App Engine / Oauth 2.0

Identifying Which Android App Is Making Contact With My Appengine App

Post a Comment
This is an 'Is this possible?' question. I have an app for the android phone and another application for the appengine platform. The appengine thing is really just a db of high sco

Solution 1:

Good timing; Google just released a feature will address your question: http://android-developers.blogspot.ca/2013/01/verifying-back-end-calls-from-android.html

Doing this is a multi-step process, which I’ll outline in full, but here’s the short version: You use the GoogleAuthUtil class, available through Google Play services, to retrieve a string called an “ID Token”. You send the token to your back end and your back end can use it to quickly and cheaply verify which app sent it and who was using the app.

Solution 2:

With OAuth 2.0 (Open ID connect) you can identify the user that is using your game. It seems that you want to authenticate the app though. There are multiple ways to do this, but you still have to embed the credentials in the app or create some sort of registration mechanism. Generally, as long as your attacker (skillful user) has full access to app code and the device (rooted, etc.), there is not much you can do. The only question is who hard do you want to make it.

Or you can use a third party service such as Parse, and trust that they spend some time perfecting their app authentication mechanism.

You may like these posts

Post a Comment for "Identifying Which Android App Is Making Contact With My Appengine App"