How to secure webservice URL?

Question

I have an android app with web service urls. If anyone decrypts my apk file, the webservice url will become visible.I am using HTTP POST for calling web service.

An

Answer 1

I use it this in all android application I developed

gradle.properties

API = http://ec2xxxxx.compute.amazonaws.com
API_KEY = $2c11SoL/NjJ28

create utils.gradle

utils.gradle

        class Utils {
        static def r = new Random(System.currentTimeMillis())
    }

    def String toJavaCodeString(String string) {
        byte[] b = string.getBytes();
        int c = b.length;
        StringBuilder sb = new StringBuilder();

        sb.append("(new Object() {");
        sb.append("int t;");
        sb.append("public String toString() {");
        sb.append("byte[] buf = new byte[");
        sb.append(c);
        sb.append("];");

        for (int i = 0; i < c; ++i) {
            int t = Utils.r.nextInt();
            int f = Utils.r.nextInt(24) + 1;

            t = (t & ~(0xff << f)) | (b[i] << f);

            sb.append("t = ");
            sb.append(t);
            sb.append(";");
            sb.append("buf[");
            sb.append(i);
            sb.append("] = (byte) (t >>> ");
            sb.append(f);
            sb.append(");");
        }

        sb.append("return new String(buf);");
        sb.append("}}.toString())");

        return sb.toString();} 
ext.toJavaCodeString = this.&toJavaCodeString

build.gradle

apply from: "utils.gradle"
   android {
    defaultConfig {
        buildConfigField 'String', 'API', toJavaCodeString(API)
        buildConfigField 'String', 'API_KEY', toJavaCodeString(API_KEY)
    }}

and access your private url;

    public static final String API = BuildConfig.API;