On 10 April 2011 19:45, elioncho <elion...@gmail.com> wrote: > I've and android application which sends post requests to a web > service. I want to secure the communication between the two and was > wondering which is the best approach: > > 1) Make https requests >
It sufficies for most tasks just to secure communication chanel (i.e. with said SSL) > 2) Encrypt the request params via an encryption algorithm and decrypt > on the web service (I found one called SimpleCryto > > http://www.tutorials-android.com/learn/How_to_encrypt_and_decrypt_strings.rhtml > ) > You may encrypt data being sent if needed, but you barely really need it if you use SSL. Major security concern is that someone may be tapping the "wire" but (if SSL is used with rigth size key like 2048 bits) suffices nowadays. Regards, Marcin Orlowski *Tray Agenda <http://bit.ly/trayagenda>* - keep you daily schedule handy... WebnetMobile on *Facebook <http://webnetmobile.com/fb/>* and *Twitter<http://webnetmobile.com/twitter/> * -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en