In short,

We made an app that interacts with a server to fetch some data.

But now we think about security and here is our question:

Can a man-in-the-middle attack happen? Can someone use something such as Burp Suite or Wireshark to analyze queries that come and go?

Any suggestions will be greatly appreciated,

thanks.

marc_s
Théo Exagon

1 Answer

It depends on who you mean.

If the app uses HTTPS to communicate with the server, a 3rd party ("somebody else" other than the user and the server) will not be able to see or modify traffic in a MitM attack. That's why you need HTTPS.

However, the user itself (i.e. anybody having administrative access to the client) will be able to do so. If the question is about protecting the app from its legitimate users by hiding the traffic in some way, that's not possible. Even if using HTTPS, the user of the client device can trust any server certificate, for example the one presented by a proxy like Burp, so they will be able to see and analyze their own traffic.

Gabor Lengyel
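
The trust decision the answer describes can be reproduced locally with OpenSSL. This is an added example, not part of the original answer; the CA names `origin-ca` and `proxy-ca`, the host `app.example` and all keys and certificates are constructed on the spot.

```shell
#!/usr/bin/env bash
# Constructed demo: every key, certificate and name below is generated locally.
set -eu

# make_ca DIR NAME: self-signed throwaway CA at DIR/NAME.pem (key in DIR/NAME.key)
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# issue_leaf DIR CA OUT: certificate for app.example signed by CA, at DIR/OUT.pem
issue_leaf() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=app.example" \
    -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -CAcreateserial -days 1 -out "$1/$3.pem" 2>/dev/null
}

# check TRUST_BUNDLE CERT: what a verifying TLS client decides for this chain
check() {
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
    echo accepted
  else
    echo rejected
  fi
}

d=$(mktemp -d)
make_ca "$d" origin-ca                 # CA the client trusts out of the box
make_ca "$d" proxy-ca                  # CA belonging to an intercepting proxy
issue_leaf "$d" origin-ca server       # what the real server presents
issue_leaf "$d" proxy-ca intercepted   # what the proxy presents instead

cp "$d/origin-ca.pem" "$d/trust-default.pem"                    # untouched client
cat "$d/origin-ca.pem" "$d/proxy-ca.pem" > "$d/trust-user.pem"  # user added proxy CA

echo "real server, untouched client: $(check "$d/trust-default.pem" "$d/server.pem")"
echo "proxy cert,  untouched client: $(check "$d/trust-default.pem" "$d/intercepted.pem")"
echo "proxy cert,  user-added CA:    $(check "$d/trust-user.pem" "$d/intercepted.pem")"
```

The proxy's certificate is rejected until its CA is placed in the client's own trust bundle, which only someone controlling the client device can do.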