This is serious problem that every one facing . How to secure Web-service URL if someone decompile the application.
Now a Days there are lots of tool that decompile the apk file and give possible java code. In code we have our Web-service url . Now that person have that url and get to know some important thing that we don’t want to disclose.
Even Using proguard it not Convert String resource to any secure resource.
So I research to that and have one idea that will help to secure our web-services.for that You will require only a single URL that call setup-url will setup all the stuff you want. I divide it in some steps.
Step 1 : Create Explicit Sqlite Database and insert your setup-url in any table and store it in asset folder.
Step 2 : At the Time of Execution store it in your data/data/your package/databases Location.
Step 3 : Now With Your java class File select that url from table.
Step 4 : Now while executing this web-service Pass one POST parameter as Token with it, Now at Web-service it will check first is the call is valid (Means from application) or Not. If yes then application will access the Url as response and then store it locally. If no then It will ask for token or redirect to the forbidden page.
Hope it will help to secure.
All other suggestion are welcome.
THANK YOU FOR READING