I have an iOS app that communicates over https with a server.
Is it possible to authenticate the app, so that the server will only respond to requests from that app? In other words, it won't respond to http requests from a browser/curl/another app/etc?
I'm not interested in authenticating the user, just being sure that only my app can communicate with the server.
What I've considered:
- Shared secret on server and app. But anyone can look inside the app bundle to extract the secret.
- Using push notifications. App contacts server, and tells server its push notification token. Server sends a push notification which reaches app. Nothing else can receive the notification, so embed a shared secret in it, which the app can use from then on. But push notifications can be delivered late, or not at all. And many users don't want to enable them.
Obviously Apple authenticates devices so it knows where to send push notifications. But is there any way of hooking into this?
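The push-notification bootstrap described in the question, sketched from the server's side as an added example that is not part of the original post: the server hands each install a random secret only through the push channel, then requires every request to carry an HMAC made with it. `PushBootstrapServer`, `sign`, `send_push` and the sample token and path are hypothetical names, and `send_push` stands in for the real APNs delivery call.

```python
import hashlib
import hmac
import secrets
import time

MAX_SKEW = 300  # assumed freshness window for signed requests, in seconds

def sign(secret, method, path, body, timestamp, nonce):
    """HMAC-SHA256 over the request fields; the app computes the same value."""
    fields = [method, path, str(int(timestamp)), nonce, hashlib.sha256(body).hexdigest()]
    return hmac.new(secret, "\n".join(fields).encode(), hashlib.sha256).hexdigest()

class PushBootstrapServer:
    def __init__(self, send_push):
        self._send_push = send_push  # callable(token, payload): stand-in for APNs
        self._secrets = {}           # push token -> per-install secret
        self._seen = set()           # (token, nonce) pairs already accepted

    def register(self, push_token):
        """Step 1: app reports its token; the secret travels only via push."""
        secret = secrets.token_bytes(32)
        self._secrets[push_token] = secret
        self._send_push(push_token, {"secret": secret.hex()})

    def verify(self, push_token, method, path, body, timestamp, nonce, mac, now=None):
        """Step 2: accept only fresh, unseen, correctly signed requests."""
        now = time.time() if now is None else now
        secret = self._secrets.get(push_token)
        if secret is None or abs(now - timestamp) > MAX_SKEW:
            return False  # unknown install or stale timestamp
        if (push_token, nonce) in self._seen:
            return False  # replayed request
        expected = sign(secret, method, path, body, timestamp, nonce)
        if not hmac.compare_digest(expected.encode(), mac.encode()):
            return False
        self._seen.add((push_token, nonce))
        return True

def demo():
    """Constructed run: one registered install and a client that never got the push."""
    inbox = {}  # simulated push delivery: token -> payload
    server = PushBootstrapServer(lambda token, payload: inbox.__setitem__(token, payload))
    server.register("token-A")  # constructed sample token
    secret = bytes.fromhex(inbox["token-A"]["secret"])
    def req(key, nonce, now):
        a = ("POST", "/api/items", b'{"n":1}', 1_700_000_000, nonce)
        return server.verify("token-A", *a, sign(key, *a), now=now)
    return {"app": req(secret, "n1", 1_700_000_010), "replay": req(secret, "n1", 1_700_000_020),
            "no_push": req(b"guessed", "n2", 1_700_000_010), "stale": req(secret, "n3", 1_700_001_000)}
```

The secret here is bound to whatever received the push for that token, so the late or missing delivery noted in the question shows up as an install that cannot sign requests until the push arrives.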
Have you thought about using the MAC address of your iOS device? I use this in an app that logs on to a server that needs to identify a device as a terminal and uses that to create a session for that terminal.