I have a mobile app (Android/IOS) which can track the end user on field. I want to secure the communication between the mobile app and the REST server. So I plan to use SSL for this. Is it the recommended to handle such critical info when we consider to send these locations every 100 meters (more or less)?
If yes should we open a SSL connection all the times we send a single location or should open and keep a long (I do not know how long) SSL session in order to send the locations?
If not then what is the fallback?
I made an app like that. The user not always has Internet. The user very probably want to upload the data only, when is connected to WI-FI. My solution it was to store the data encrypted with AES in NDK side inside the app ( private data ) upload to server -without hassle of SSL encrypted of course.
At the server side it was dencrypted.
The server will send a confirmation to phone the decrypt process status, optionally: done / failed.