Question
I have the following situation: I have an app on a User device, and my main server. The app can send the main server pdf-files and jpg-files. Now my problems are:
-> What is the best way for the server to make sure that only pdf-files and jpg-files arrive?
-> What is the best way for the server to make sure that only files generated from the app arrive, and no user generated files? If the user can generate his own files, he can add malicious content which I don't want to have on my server.
My app is running on a possibly open phone (rooted/jailbroken), so I can't be sure that no one has access to the storage folder of the app.
How can I solve this problem?
Explanation / Answer
As a rule, you can't make sure only app-generated files arrive. If the user has access to the app, storage folder access is the least of your concerns -- the attacker can reverse-engineer the code to acquire any cryptographic key and any communications protocol you embed. It is generally impossible to give a person code to do something on a device they control, while preventing them from doing that exact thing themselves. The best you can do is prevent malicious content from being able to do damage; you can never actually just trust data received from a user's device.
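A server-side check for the first question, as an added example that is not part of the original answer: it decides the file type from the bytes received rather than from anything the client claims, and stores the file under a server-chosen name. The size limit, function names and sample byte strings are assumptions made for illustration; passing the check only means the file has the right container type, not that its content can be trusted.

```python
import secrets

MAX_BYTES = 10 * 1024 * 1024  # assumed upload limit; tune to what the app really produces


def sniff_type(data: bytes):
    """Return 'pdf', 'jpg' or None, judged only from the file's own bytes."""
    # PDF: header at offset 0 and an %%EOF marker within the last 1024 bytes.
    if data.startswith(b"%PDF-") and b"%%EOF" in data[-1024:]:
        return "pdf"
    # JPEG: starts with the SOI marker and ends with the EOI marker.
    # Strict on purpose: files with trailing bytes after EOI are rejected.
    if data[:3] == b"\xff\xd8\xff" and data[-2:] == b"\xff\xd9":
        return "jpg"
    return None


def accept_upload(data: bytes, claimed_name: str = ""):
    """Validate an upload and return (stored_name, kind), or raise ValueError.

    claimed_name is client-controlled and deliberately never used.
    """
    if not data or len(data) > MAX_BYTES:
        raise ValueError("empty or oversized upload")
    kind = sniff_type(data)
    if kind is None:
        raise ValueError("not a PDF or JPEG")
    # Random server-side name and extension: nothing from the client
    # ends up in the storage path.
    return f"{secrets.token_hex(16)}.{kind}", kind


# Constructed sample inputs (not real files, just enough structure for the checks).
SAMPLE_PDF = b"%PDF-1.4\n1 0 obj\n<<>>\nendobj\ntrailer\n<<>>\n%%EOF\n"
SAMPLE_JPG = b"\xff\xd8\xff\xe0" + b"\x00" * 32 + b"\xff\xd9"
SAMPLE_HTML = b"<html><script>alert(1)</script></html>"

if __name__ == "__main__":
    for label, blob, name in [("pdf", SAMPLE_PDF, "report.pdf"),
                              ("jpg", SAMPLE_JPG, "photo.jpg"),
                              ("html renamed to .jpg", SAMPLE_HTML, "photo.jpg")]:
        try:
            print(label, "->", accept_upload(blob, name))
        except ValueError as exc:
            print(label, "-> rejected:", exc)
```
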