I have an Android app using Parse as backend. Over time I’ve seen some clone apps that are using data from my parse db by decompiling our apk.
Is there any way to prevent this?
Can I only allow parse db access from my app without any logins?
1 Like
i would try to use CSRF token to avoid request directly. But i don’t know if that the right way
This is really bad. Do they decompile and extracted the client key from the app?
Unless the specific ecosystem provides an integration for an e2e solution, it will be quite difficult to know that your app hasn’t been tempered with.
At least for the Google Play ecosystem there is the Play Integrity API (formerly known as SafetyNet Attestation) to mitigate that. For the Apple ecosystem there is the Device Check API.