android rest security connection

Best way to apply a key between server and client in Android Studio


I am developing an Android app. It uses a PHP REST API for database processing. What is the best way to make it secure?

I can send and receive data from Android Studio, but this means anyone else can.

I read about GoogleAuthUtil (year 2022, and I don't know if it's still a valid process).

If Java code in Android Studio could be hidden, I would set a key like '054ss6yTTYd545d' on the server side and app side, and wouldn't need to ask this question.

Thank you.


Solution

  • 1- Encrypt the data, and always generate the same encryption key at run time from your app package name (use another key as well if you don't want to use the package name). Decrypt the data in the API (server side) with the same key.

    2- Store your private key in Gradle and use it to encrypt data.

    3- Use an access token on all API calls after login (the token must be provided by the server on every login; manage the session time of the token).

    4- Use authorizations.

    5- Keep your base URL in the Gradle file.
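
Step 3 of the answer above, sketched as an added example that is not part of the original answer: the PHP API issues an HMAC-signed token with an expiry at login and checks it on every later call, so the signing secret stays on the server and nothing secret has to be compiled into the app. The function names, the 15-minute session time, the token layout and the idea of sending it in an `Authorization: Bearer` header over HTTPS are all assumptions.

```php
<?php
// Added example: names and values are constructed, not from the original answer.
// The signing secret exists only on the server; the app stores just the token
// it receives after login.

const TOKEN_TTL = 900; // session time in seconds (assumed value)

// Called by the login endpoint after the user's credentials were verified.
function issue_token(string $userId, string $secret, int $now): string
{
    $claims  = ['sub' => $userId, 'exp' => $now + TOKEN_TTL];
    $payload = base64_encode(json_encode($claims));
    // token = payload "." hex(HMAC-SHA256(payload))
    return $payload . '.' . hash_hmac('sha256', $payload, $secret);
}

// Called at the top of every protected endpoint.
// Returns the user id, or null when the token is malformed, forged or expired.
function verify_token(string $token, string $secret, int $now): ?string
{
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;

    // Check the signature first, in constant time, before trusting any claim.
    if (!hash_equals(hash_hmac('sha256', $payload, $secret), $mac)) {
        return null;
    }

    $claims = json_decode((string) base64_decode($payload, true), true);
    if (!is_array($claims) || !is_string($claims['sub'] ?? null)
        || !is_int($claims['exp'] ?? null)) {
        return null;
    }
    // Enforce the session time chosen at login.
    return $claims['exp'] >= $now ? $claims['sub'] : null;
}

// Constructed demo values. A real server loads one fixed secret from its
// own configuration instead of generating a new one per request.
$secret = random_bytes(32);
$t0     = 1700000000; // constructed login timestamp
$token  = issue_token('user-42', $secret, $t0);

var_dump(verify_token($token, $secret, $t0 + 60));            // inside the session time
var_dump(verify_token($token, $secret, $t0 + TOKEN_TTL + 1)); // after expiry
var_dump(verify_token($token . '0', $secret, $t0 + 60));      // altered signature
```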