
I'm using back4app as the back-end for my Android application. My concern is that I don't see how I can stop hackers from spamming user creation in my database.

Since the client key and app ID are shipped with the app itself, anyone can use them and keep creating fake users.

Also, if I disable user creation from the application, there's no way for my actual users to sign up. I hope I was able to explain my situation properly.

How can I guard my application against this unintended usage?

Zeitounator
Tanzim Chowdhury
  • You mean you want only a specific group of users to be able to signup but not others? – Jost Jan 12 '20 at 15:00
  • What I want is just people using my app to be able to log in. What I do not want is someone reverse engineering my APK file, getting the client key and app ID, connecting to my database and starting to create fake users. Hope I was clear enough. – Tanzim Chowdhury Jan 12 '20 at 17:32
  • It is something that you can face no matter which API or hosting service you are using. Some ideas of how you can protect from this: - add a captcha verification - add SMS verification - add email verification – Davi Macêdo Jan 16 '20 at 02:58
  • Thanks for clearing that up, yes I was thinking of putting in email verification – Tanzim Chowdhury Jan 19 '20 at 11:02
  • It could be nice if back4app added a built-in captcha solution to the login process so there is no need to use reCaptcha – selan Jul 05 '21 at 14:39
