Regardless of the programming language
I have a client server application.
mobile client - http server
The application will be available on several mobile phones not only for Android.
I want the request to be executed only from the mobile client.
How can I solve this security problem?
I suggest:
Enter the secret key encoded in the mobile application:
Each request is encrypted using this key and decrypted on the server side.
Is it safe to hardcode the key if this method makes sense at all? (can decompilers get the key? the application will be available not only for Android!)
Additional Information:
Each user will have a username / username ...