0

I have an Android application which contains login authentication. I am not sending encrypted username and password to the back-end for authentication.

When I scan this application in "Application Security on Cloud" it is not showing any error, or any security issues. I am expecting a security issue as the password and username are not encrypted. Why am I not getting any errors?

ralphearle
Rahul Kant

1 Answer

1

If the connection is HTTPS (it should be), the data is encrypted in transit.

The username and password should not be encrypted by the app; the password will be securely hashed and saved in the cloud service.

zaph
  • I have used HTTP and I am using the GET method to call the API. – Rahul Kant Sep 29 '16 at 17:46
  • That is a poor choice these days; consider upgrading to HTTPS, which is the correct and secure solution. Keep in mind you are responsible for the security of the users. – zaph Sep 29 '16 at 17:49
  • Actually we are trying to see if Application Security on Cloud service is able to detect it as a problem or not, and it isn't. – Rahul Kant Oct 02 '16 at 17:36
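
The check the thread expects a scanner to make can be sketched as follows. This is an added example, not part of the original question or answer and not how any particular scanning service works: it audits a request's method and URL for cleartext transport and for credentials carried in the URL. The parameter names, host and paths are assumptions.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumed parameter names that indicate credentials; adjust for the real API.
SENSITIVE_PARAMS = {"password", "passwd", "pwd", "pass",
                    "username", "user", "login", "token"}

def audit_request(method, url):
    """Return a list of findings for one outgoing request (method, URL)."""
    findings = []
    parts = urlsplit(url)
    # Anything other than https travels unencrypted on the network.
    if parts.scheme.lower() != "https":
        findings.append("cleartext-transport")
    # Credentials in the query string end up in server logs and proxy logs
    # even when the transport itself is HTTPS.
    leaked = sorted({k.lower()
                     for k, _ in parse_qsl(parts.query, keep_blank_values=True)
                     if k.lower() in SENSITIVE_PARAMS})
    if leaked:
        findings.append("credentials-in-url:" + ",".join(leaked))
    # user:password@host in the authority part is the same problem.
    if parts.username or parts.password:
        findings.append("credentials-in-userinfo")
    if method.upper() == "GET" and leaked:
        findings.append("login-via-get")
    return findings

# Constructed sample requests (hypothetical host and paths).
SAMPLES = [
    ("GET", "http://api.example.com/login?username=alice&password=s3cret"),
    ("GET", "https://api.example.com/login?username=alice&password=s3cret"),
    ("POST", "https://api.example.com/login"),
]

def audit_all(samples=SAMPLES):
    """Audit every sample and key the findings by 'METHOD URL'."""
    return {f"{m} {u}": audit_request(m, u) for m, u in samples}

if __name__ == "__main__":
    for req, findings in audit_all().items():
        print(req, "->", findings or ["ok"])
```

The second sample shows that moving to HTTPS alone does not clear every finding: credentials left in a GET query string are still flagged, while a POST over HTTPS with the credentials in the body passes.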