I integrate my Android application into Google Analytics and wonder what security measures should be taken so that my analytic data is intentionally polluted by bad people. Of course, GA data is not critical for production, and there are (hopefully) not too many people who work, who do such things just for fun, but still - within reasonable limits I would like to apply any preventive measures.
Now the only thing that comes to mind is that I should avoid getting the tracking ID in the wrong hands.
Google search results I found only conversations:
- tracking id protection for web pages - not so much talking about how to do the same for Android applications.
- setting up a GA filter to include traffic data only for my own web page - again, it's just for web pages ...
When sending hits from my application, there seem to be two ways to access the GA servers:
- If Google Play services are not installed, it
putHitstarts and starts an HTTPS request with data about the hit. If debugging is set for the log level, I see how this happens, and the data in the ADB logs along with the tracking ID. - If GPS is installed, this will take care of sending, presumably also via HTTPS.
Thus, it makes me think that the best I can do at the front of the application is to make sure that the log level is above debugging (which is a good idea, independently) and encrypt the tracking identifier to at least make it hard to extract from the APK .
On the GA front, I did not find anything like a solution for filtering web pages.
Is there anything else I can do?
source
share