Preventing clone apps from using Parse data

I have an Android app using Parse as backend. Over time I’ve seen some clone apps that are using data from my Parse DB by decompiling our APK.
Is there any way to prevent this?
Can I only allow Parse DB access from my app without any logins?


I would try to use a CSRF token to avoid direct requests. But I don’t know if that’s the right way.

This is really bad. Did they decompile and extract the client key from the app?

Unless the specific ecosystem provides an integration for an e2e solution, it will be quite difficult to know that your app hasn’t been tampered with.

At least for the Google Play ecosystem there is the Play Integrity API (formerly known as SafetyNet Attestation) to mitigate that. For the Apple ecosystem there is the Device Check API.
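A server-side policy check on a Play Integrity verdict, as an added example that is not part of the thread or of Parse's own code. It assumes the integrity token has already been decoded on the server through Google's API (classic request with a nonce); the package name, certificate digests, nonce and sample verdicts are constructed placeholders.

```javascript
// Added example: server-side policy check on a decoded Play Integrity verdict.
// EXPECTED values and the sample verdicts below are constructed placeholders.
const EXPECTED = {
  packageName: "com.example.myapp",
  certDigests: ["PLACEHOLDER_RELEASE_CERT_DIGEST"],
  maxAgeMs: 2 * 60 * 1000, // reject verdicts older than two minutes
  skewMs: 30 * 1000,       // tolerated clock skew
};

// Returns the reasons to reject; an empty array means the request passes.
function checkVerdict(verdict, issuedNonce, nowMs) {
  const reasons = [];
  const req = verdict.requestDetails || {};
  const app = verdict.appIntegrity || {};
  const dev = verdict.deviceIntegrity || {};

  if (req.requestPackageName !== EXPECTED.packageName) reasons.push("request package mismatch");
  // The nonce must be the one this server issued for this session (anti-replay).
  if (!issuedNonce || req.nonce !== issuedNonce) reasons.push("nonce mismatch");
  const age = nowMs - Number(req.timestampMillis);
  if (!Number.isFinite(age) || age < -EXPECTED.skewMs || age > EXPECTED.maxAgeMs) {
    reasons.push("stale or invalid timestamp");
  }
  // A repackaged build is not the binary Google Play distributes.
  if (app.appRecognitionVerdict !== "PLAY_RECOGNIZED") reasons.push("app not recognized by Play");
  if (app.packageName !== EXPECTED.packageName) reasons.push("app package mismatch");
  const digests = app.certificateSha256Digest || [];
  if (!digests.some((d) => EXPECTED.certDigests.includes(d))) reasons.push("signing certificate mismatch");
  if (!(dev.deviceRecognitionVerdict || []).includes("MEETS_DEVICE_INTEGRITY")) {
    reasons.push("device integrity not met");
  }
  return reasons;
}

// Constructed sample verdicts.
const NOW_MS = 1700000060000;
const GENUINE = {
  requestDetails: { requestPackageName: "com.example.myapp", nonce: "bm9uY2UtMTIz", timestampMillis: "1700000000000" },
  appIntegrity: { appRecognitionVerdict: "PLAY_RECOGNIZED", packageName: "com.example.myapp",
                  certificateSha256Digest: ["PLACEHOLDER_RELEASE_CERT_DIGEST"] },
  deviceIntegrity: { deviceRecognitionVerdict: ["MEETS_DEVICE_INTEGRITY"] },
};
const CLONE = { ...GENUINE, appIntegrity: { appRecognitionVerdict: "UNRECOGNIZED_VERSION",
  packageName: "com.example.myapp", certificateSha256Digest: ["PLACEHOLDER_OTHER_DIGEST"] } };

console.log(checkVerdict(GENUINE, "bm9uY2UtMTIz", NOW_MS), checkVerdict(CLONE, "bm9uY2UtMTIz", NOW_MS));
```

A check like this only helps if the backend refuses data requests that do not pass it; the keys embedded in the APK stay readable to anyone who decompiles it.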

You can implement security measures such as authentication tokens, API keys, and rate limiting to control access to your backend services. However, these measures may not completely prevent unauthorized access but can make it more difficult. Utilize tools and techniques, like company enrichment, to detect if your app has been tampered with or modified. You can implement checksums, integrity checks, or other mechanisms to ensure the integrity of your app. Encrypt sensitive data stored on the client side or transmitted over the network to prevent unauthorized access even if someone gains access to your data source. Regularly monitor and analyze traffic to your backend services to detect any unusual patterns or suspicious activity. This can help you identify and respond to potential security threats.