On Mon, Jun 22, 2015, at 12:32 PM, Alex Zavatone wrote: > Basically, we're trying to make sure that we limit just what type of > client can contact our web service and limit it to our iOS and Android > apps.
Generally speaking, this isn't possible. All of the information necessary to authenticate the client as "genuine" needs to be contained within your application, which makes it possible to extract, inspect, and mimic. You might look up the history of AOL trying to kick unauthorized clients off its AIM network. The continued existence of projects like GAIM and Trillian provides some commentary on the effectiveness of that approach. --Kyle Sluder _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
