Encrypting parameters POST request with LoopJ


I submitted an App to the Amazon App store, but it was rejected because of this issue:

This app appears to be sending unencrypted, sensitive information. In this instance, the E-MAIL and PASSWORD is being sent in clear text. Please update the app to encrypt all sensitive information.

I'm using LoopJ for my http requests and I'm not sure why my data is not being encrypted, or how to encrypt it. Here's my code.

public class MYAuthClient {
  private static final String BASE_URL = "http://www.mywebservice.net/";

  private static AsyncHttpClient client = new AsyncHttpClient();

  public static void post(String url, RequestParams params, AsyncHttpResponseHandler responseHandler) {
      client.post(getAbsoluteUrl(url), params, responseHandler);
  }

  private static String getAbsoluteUrl(String relativeUrl) {
      return BASE_URL + relativeUrl;
  }
}

To make requests, I do this.

RequestParams params = new RequestParams();
params.put("email", login_email);
params.put("password", login_pass);
MYAuthClient.post("api/v1/tokens.json", params, new AsyncHttpResponseHandler() {
    @Override
    public void onStart() {
        // Initiated the request
    }

    @Override
    public void onSuccess(String response) {
        // Successfully got a response
    }

    @Override
    public void onFailure(Throwable e, String response) {
        // Response failed :(
        Toast.makeText(getApplicationContext(), "Failed to connect to server", Toast.LENGTH_LONG).show();
    }
});

Any help or a link to an example of using encryption along with LoopJ? Thanks!


Solution

  • The best solution here is to provide a https endpoint for your webservice.

    Then in your Android app, change the endpoint to https like so:

    http://www.mywebservice.net/
    

    becomes

    https://www.mywebservice.net/
    

    You need to check that the server hosting the webservice is set up to serve https. The solution to that problem is beyond the scope of this question.
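
The scheme change described in the answer can be enforced in code, so that the e-mail and password parameters are never handed to the HTTP client with a cleartext or foreign URL. This is an added example, not part of the original answer or of LoopJ: the class `SecureEndpoint` and its method are hypothetical, and it uses only the JDK so it compiles without the library.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Added example: hypothetical helper, not part of LoopJ or the original post.
public class SecureEndpoint {
    // Same host as in the question, with the scheme changed as the answer describes.
    private static final URI BASE = URI.create("https://www.mywebservice.net/");

    // Builds the absolute URL for a relative API path and refuses anything
    // that would leave the HTTPS origin above.
    public static String absoluteUrl(String relativePath) {
        URI resolved;
        try {
            resolved = BASE.resolve(new URI(relativePath)).normalize();
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("Malformed path: " + relativePath, e);
        }
        // An absolute "http://..." argument replaces the base scheme, so check it.
        if (!"https".equalsIgnoreCase(resolved.getScheme())) {
            throw new IllegalArgumentException("Refusing non-HTTPS URL: " + resolved);
        }
        // A "//host/..." argument replaces the base host, so check that too.
        if (!BASE.getHost().equalsIgnoreCase(resolved.getHost())
                || resolved.getPort() != BASE.getPort()) {
            throw new IllegalArgumentException("Refusing foreign host: " + resolved);
        }
        return resolved.toString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one normal path and two that must be blocked.
        String[] samples = {
            "api/v1/tokens.json",
            "http://www.mywebservice.net/api/v1/tokens.json",
            "//other.example/api/v1/tokens.json"
        };
        for (String s : samples) {
            try {
                System.out.println("OK      " + absoluteUrl(s));
            } catch (IllegalArgumentException e) {
                System.out.println("BLOCKED " + e.getMessage());
            }
        }
    }
}
```

In the question's `MYAuthClient`, the string returned by `absoluteUrl` would take the place of `getAbsoluteUrl(url)` in the call to `client.post`.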