Good day everyone! There is a project in which a significant part of the checks are performed on the Android client side. To protect against fraud, they decided to transfer part of logic to the obfuscated native library. It works like this: a request to the server is signed by a hash with salt, this hash is generated in a native. However, all the same, some features of the fraud remained in the java code, in order to eliminate them, you would have to completely rewrite all the java code to the native. Is it possible to check from the native whether any changes have been made to the client's java code? And is it possible to get imei devices from a native? Thank you in advance.
- oneWhat if from ndk to call java functions that can be changed and compare the expected result with the actual. Or let this result participate in the process of signing requests. The result has changed - the signature is not valid. - eugeneek
|
1 answer
Everything on the client side can be hacked, even though you can do it with java or C ++. Look for the possibility of antifraud on the side of the back. Even if you do something, it will only delay the detour (Well, the maximum of the creak of the kidi will save).
Ruslan Yagupov Ruslan Yagupov
518 one ten
|