I have an HTTPS web service that needs to be accessed from a mobile (iPhone or Android) application. Both are developed by me.

The mobile phone needs to send its location to our server every few minutes - I need to secure this data.

In all the mobile apps that I have developed until now, I wrote web services on the client side and on the data layer and that's it... but I now understand that it is not safe.

My questions are:

1. Is there a more secure alternative to using web services for location transfer?

2. How can I secure the data transferred via WS?

Bobo2012

2 Answers

Consider encrypting this data with an asymmetric encryption algorithm like RSA. It is not hard on Android but could be very tricky on iOS.

The important thing is to store only the public key on the device. Do not store the private key in any form on the device. On iOS you can store a certificate and encrypt your data with the public key in the certificate.

Hope it helps..

Jan
  • So you say that web services are the only way - BUT I need to secure them by encryption, and the public keys rule - bottom line, regular old-fashioned WS are still in the picture... do you see any other future method/technology that might take WS's place in the future? – Bobo2012 Jun 13 '12 at 23:05
  • @Bobo2012 I think web services are just fine. They are easy enough to create and manage. I don't think you can find any replacement for them. But you can always try new technologies. If you use a regular SOAP web service, you can consider replacing it with REST services. It is great when you communicate with a mobile device. But it is neither so different nor more secure. – Jan Jun 13 '12 at 23:16
If you use HTTPS, data in transit is automatically encrypted. Do not try to invent your own encryption using raw RSA or random code you find on SO/forums. Just set up SSL on your server and be done with it.

Nikolay Elenkov
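An added example, not code from either answer: a client-side sketch of the "just use HTTPS" approach, in plain Java as available on Android, that refuses non-HTTPS endpoints and leaves the platform's certificate and host name validation untouched. The class name, JSON field names and the endpoint passed on the command line are assumptions.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import javax.net.ssl.HttpsURLConnection;

public class LocationUploader {
    // JSON field names are assumptions; Locale.ROOT keeps '.' as the decimal separator.
    static String buildBody(double lat, double lon, long epochSeconds) {
        return String.format(Locale.ROOT,
                "{\"lat\":%.6f,\"lon\":%.6f,\"ts\":%d}", lat, lon, epochSeconds);
    }

    // Sends one location fix and returns the HTTP status code.
    static int send(String endpoint, String body) throws IOException {
        URL url = new URL(endpoint);
        // Fail closed: a plain-HTTP URL is rejected before any connection is opened.
        if (!"https".equalsIgnoreCase(url.getProtocol())) {
            throw new IllegalArgumentException("refusing non-HTTPS endpoint: " + endpoint);
        }
        // The default SSLSocketFactory and HostnameVerifier stay in place, so the
        // certificate chain and host name are checked during the handshake.
        // Replacing them with "trust all" versions removes that protection.
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        try {
            byte[] payload = body.getBytes(StandardCharsets.UTF_8);
            conn.setRequestMethod("POST");
            conn.setConnectTimeout(10_000);
            conn.setReadTimeout(10_000);
            conn.setDoOutput(true);
            conn.setFixedLengthStreamingMode(payload.length);
            conn.setRequestProperty("Content-Type", "application/json; charset=utf-8");
            try (OutputStream out = conn.getOutputStream()) {
                out.write(payload);
            }
            return conn.getResponseCode();
        } finally {
            conn.disconnect();
        }
    }

    public static void main(String[] args) throws IOException {
        String body = buildBody(52.520008, 13.404954, 1339628700L); // constructed sample fix
        // With no argument only the body is printed, so the demo runs offline.
        System.out.println(args.length == 1 ? "HTTP " + send(args[0], body) : body);
    }
}
```

On Android, call `send` from a background thread, since network I/O on the main thread is rejected by the platform.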