Android - Restriction of Google OAuth call to Google Play unique name
Background
After reading these articles, http://developer.android.com/google/auth/http-auth.html and http://android-developers.blogspot.cz/2013/01/verifying-back-end-calls-from-android.html, and other responses on "OAuth 2.0: client id, client secret exposed, security issue?" and "Client secret in OAuth 2.0", I realized it is not worth authorizing a REST API using a token received from Google OAuth. It can be faked (by making one's own app and getting a token), since attackers can get the client ID from the decompiled APK. The way I see of securing the app is to utilize the app's unique name on Google Play.
Question
Is it possible to restrict the call to Google that obtains the security token to the app's unique name on Google Play?
Get the OAuth token from Google.
A rule of security: don't invent your own security. Utilize an established library for the handling of security. A rule of security: don't save (persist) security tokens in the program. Get one when you need it.
return GoogleAuthUtil.getToken(mActivity, "me@example.com", "oauth2:http://www.example.com/data/");
http://developer.android.com/google/auth/http-auth.html
android api security oauth