How safe is it to use OkHttp





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}







-1















How safe is it to use OkHttp3 for your REST API?



For example, if my website has some login/signup process, and my app sends requests with OkHttp3 client. How much can I trust that someone can't take his phone, plug it into Android Studio and look into the logs and find the links for all the requests I'm calling?



There's also the matter of decompiling the app, and easily accessing the base Uri I'm using in my app.



I'm not sure how OkHttp works, so can someone tell me about the security used in the client and how much I can trust it?










share|improve this question





























    -1















    How safe is it to use OkHttp3 for your REST API?



    For example, if my website has some login/signup process, and my app sends requests with OkHttp3 client. How much can I trust that someone can't take his phone, plug it into Android Studio and look into the logs and find the links for all the requests I'm calling?



    There's also the matter of decompiling the app, and easily accessing the base Uri I'm using in my app.



    I'm not sure how OkHttp works, so can someone tell me about the security used in the client and how much I can trust it?










    share|improve this question

























      -1












      -1








      -1








      How safe is it to use OkHttp3 for your REST API?



      For example, if my website has some login/signup process, and my app sends requests with OkHttp3 client. How much can I trust that someone can't take his phone, plug it into Android Studio and look into the logs and find the links for all the requests I'm calling?



      There's also the matter of decompiling the app, and easily accessing the base Uri I'm using in my app.



      I'm not sure how OkHttp works, so can someone tell me about the security used in the client and how much I can trust it?










      share|improve this question














      How safe is it to use OkHttp3 for your REST API?



      For example, if my website has some login/signup process, and my app sends requests with OkHttp3 client. How much can I trust that someone can't take his phone, plug it into Android Studio and look into the logs and find the links for all the requests I'm calling?



      There's also the matter of decompiling the app, and easily accessing the base Uri I'm using in my app.



      I'm not sure how OkHttp works, so can someone tell me about the security used in the client and how much I can trust it?







      android networking okhttp3






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Dec 24 '18 at 7:05









      Ahmad UCGAhmad UCG

      557




      557
























          2 Answers
          2






          active

          oldest

          votes


















          0














          If a link is on the internet, then it's public. There is no point trying to hide that fact.
          You need to focus on the securing the endpoint(s) the app is talking to for confidentiality, integrity and availability



          You need to read up on Web security. Take a look at the OWASP Top 10 and related guides.






          share|improve this answer































            0














            Why are you worried about your URL address? Whenever you expose an API on the internet anyone can find your API URL address. There are easier ways than reading logs of your app.



            What is your exact worry? What do you need to keep secure? What is important for you?






            share|improve this answer
























              Your Answer






              StackExchange.ifUsing("editor", function () {
              StackExchange.using("externalEditor", function () {
              StackExchange.using("snippets", function () {
              StackExchange.snippets.init();
              });
              });
              }, "code-snippets");

              StackExchange.ready(function() {
              var channelOptions = {
              tags: "".split(" "),
              id: "1"
              };
              initTagRenderer("".split(" "), "".split(" "), channelOptions);

              StackExchange.using("externalEditor", function() {
              // Have to fire editor after snippets, if snippets enabled
              if (StackExchange.settings.snippets.snippetsEnabled) {
              StackExchange.using("snippets", function() {
              createEditor();
              });
              }
              else {
              createEditor();
              }
              });

              function createEditor() {
              StackExchange.prepareEditor({
              heartbeatType: 'answer',
              autoActivateHeartbeat: false,
              convertImagesToLinks: true,
              noModals: true,
              showLowRepImageUploadWarning: true,
              reputationToPostImages: 10,
              bindNavPrevention: true,
              postfix: "",
              imageUploader: {
              brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
              contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
              allowUrls: true
              },
              onDemand: true,
              discardSelector: ".discard-answer"
              ,immediatelyShowMarkdownHelp:true
              });


              }
              });














              draft saved

              draft discarded


















              StackExchange.ready(
              function () {
              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53910258%2fhow-safe-is-it-to-use-okhttp%23new-answer', 'question_page');
              }
              );

              Post as a guest















              Required, but never shown

























              2 Answers
              2






              active

              oldest

              votes








              2 Answers
              2






              active

              oldest

              votes









              active

              oldest

              votes






              active

              oldest

              votes









              0














              If a link is on the internet, then it's public. There is no point trying to hide that fact.
              You need to focus on the securing the endpoint(s) the app is talking to for confidentiality, integrity and availability



              You need to read up on Web security. Take a look at the OWASP Top 10 and related guides.






              share|improve this answer




























                0














                If a link is on the internet, then it's public. There is no point trying to hide that fact.
                You need to focus on the securing the endpoint(s) the app is talking to for confidentiality, integrity and availability



                You need to read up on Web security. Take a look at the OWASP Top 10 and related guides.






                share|improve this answer


























                  0












                  0








                  0







                  If a link is on the internet, then it's public. There is no point trying to hide that fact.
                  You need to focus on the securing the endpoint(s) the app is talking to for confidentiality, integrity and availability



                  You need to read up on Web security. Take a look at the OWASP Top 10 and related guides.






                  share|improve this answer













                  If a link is on the internet, then it's public. There is no point trying to hide that fact.
                  You need to focus on the securing the endpoint(s) the app is talking to for confidentiality, integrity and availability



                  You need to read up on Web security. Take a look at the OWASP Top 10 and related guides.







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Jan 3 at 9:53









                  MichaelHMichaelH

                  1




                  1

























                      0














                      Why are you worried about your URL address? Whenever you expose an API on the internet anyone can find your API URL address. There are easier ways than reading logs of your app.



                      What is your exact worry? What do you need to keep secure? What is important for you?






                      share|improve this answer




























                        0














                        Why are you worried about your URL address? Whenever you expose an API on the internet anyone can find your API URL address. There are easier ways than reading logs of your app.



                        What is your exact worry? What do you need to keep secure? What is important for you?






                        share|improve this answer


























                          0












                          0








                          0







                          Why are you worried about your URL address? Whenever you expose an API on the internet anyone can find your API URL address. There are easier ways than reading logs of your app.



                          What is your exact worry? What do you need to keep secure? What is important for you?






                          share|improve this answer













                          Why are you worried about your URL address? Whenever you expose an API on the internet anyone can find your API URL address. There are easier ways than reading logs of your app.



                          What is your exact worry? What do you need to keep secure? What is important for you?







                          share|improve this answer












                          share|improve this answer



                          share|improve this answer










                          answered Jan 3 at 10:07









                          Ehsan MashhadiEhsan Mashhadi

                          783619




                          783619






























                              draft saved

                              draft discarded




















































                              Thanks for contributing an answer to Stack Overflow!


                              • Please be sure to answer the question. Provide details and share your research!

                              But avoid



                              • Asking for help, clarification, or responding to other answers.

                              • Making statements based on opinion; back them up with references or personal experience.


                              To learn more, see our tips on writing great answers.




                              draft saved


                              draft discarded














                              StackExchange.ready(
                              function () {
                              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53910258%2fhow-safe-is-it-to-use-okhttp%23new-answer', 'question_page');
                              }
                              );

                              Post as a guest















                              Required, but never shown





















































                              Required, but never shown














                              Required, but never shown












                              Required, but never shown







                              Required, but never shown

































                              Required, but never shown














                              Required, but never shown












                              Required, but never shown







                              Required, but never shown







                              Popular posts from this blog

                              'app-layout' is not a known element: how to share Component with different Modules

                              android studio warns about leanback feature tag usage required on manifest while using Unity exported app?

                              WPF add header to Image with URL pettitions [duplicate]