I'm working on an iOS app which will need a server backend for users to grab data from, but the data isn't stuff that I'd like any packet-sniffer to be able to use. I'll be paying to access the data, so I'd like to ensure that if something is connecting to my API to request data, it is in fact MY app, and not some dude who wants free information. Is there a standard way to do this kind of thing?
+2
A:
Best way would be registered users, with the user entering his credentials into the app. This way, you could also measure how much data each user accesses, if you are worried that some users might scrape and share.
Without registered users, you could have a secret token built into the app. Could be reverse-engineered and hacked, though.
As for the packet-sniffers, use SSL for the connections to your server.
Thilo
2010-08-20 02:40:23
User accounts are ugly, especially in an iPad/iPhone app. I want to avoid that. I might be able to hack something together using the device-id of each device, though. That would help track piracy, too.
Seventoes
2010-08-20 02:45:22
@Seventoes a user with a jailbroken iPhone has more control over the device than you do; any secret you attempt to store on the device, either in memory or in flash, will be obtained. It is trivial to spoof the device-id or any other identifying information. User accounts are the only way to go.
Rook
2010-08-20 02:57:17
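Added example, not part of the original thread: a server-side sketch of the per-user approach from Thilo's answer, where each registered user logs in to receive a signed, expiring token and requests are metered per account. The signing key never leaves the server, so nothing extracted from the app binary can mint tokens. The function names, `QUOTA`, the in-memory stores and the `user|expiry|signature` token layout are assumptions for illustration, and the connection is assumed to run over SSL/TLS.

```python
import hashlib, hmac, secrets, time

SERVER_KEY = secrets.token_bytes(32)  # lives only on the server, never in the app
QUOTA = 3                             # constructed per-user limit for the demo
users, usage, revoked = {}, {}, set() # in-memory stand-ins for a database

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def _sign(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()

def register(user, password):
    salt = secrets.token_bytes(16)
    users[user] = (salt, _hash(password, salt))

def revoke(user):
    revoked.add(user)

def login(user, password, now=None):
    """Return 'user|expiry|signature' for valid credentials, else None."""
    now = time.time() if now is None else now
    if user not in users:
        return None
    salt, stored = users[user]
    if not hmac.compare_digest(_hash(password, salt), stored):
        return None
    payload = f"{user}|{int(now) + 3600}"
    return f"{payload}|{_sign(payload)}"

def handle_request(token, now=None):
    """Authenticate the token, then meter the request against its account."""
    now = time.time() if now is None else now
    try:
        user, expires, sig = token.rsplit("|", 2)
    except (AttributeError, ValueError):
        return 401, "malformed token"
    if not hmac.compare_digest(sig.encode(), _sign(f"{user}|{expires}").encode()):
        return 401, "bad signature"
    if int(expires) < now or user in revoked:
        return 401, "expired or revoked"
    if usage.get(user, 0) >= QUOTA:
        return 429, "quota exceeded"
    usage[user] = usage.get(user, 0) + 1
    return 200, "data"

if __name__ == "__main__":
    register("alice", "correct horse")  # constructed account
    token = login("alice", "correct horse")
    print([handle_request(token)[0] for _ in range(QUOTA + 1)])
```

Because usage and revocation are keyed to an account rather than to a secret shared by every copy of the app, one scraping or leaked account can be throttled or cut off without affecting other users.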