i have 2 main questions which are security problems (and i searched like a couple of days for the answers but i didnt find so...) :
How can i secure the connection between the android app to a php file. the thing is, i have a database server which i read / write data to it by the php file. I send from the android app a post request which contains data like the sql statement, mysql host, mysql user, mysql password and mysql database. How can i send this information without worrying about security problems? becouse if some one will use sniffer he might get this sensitive data and do whatever he want on my database.
I want to secure the stored data on the shared preference in my application. the data i store are the phone number and other personal information (name address etc..) the problem is, all the actions the user can do are based on his phone number. for example, lets say it is like facebook - and all the user information like messages sent / got / photos uploaded etc are based on his phone number. What i mean is - i get all his data from the database based on his phonen umber on the app load - i use sql statement which i select all his data where phone = user phone. the problem is - the user can edit his phone number in the shared preference. so waht i did is i encrypted it but still, i dont think it is very secure.... Any ideas how to secure it / store the phone number + other information on the phone in secure way?
Thanks alot guys!
