Serving static assets for my apps,how to authenticate?


#1

I have an android app which is larger than 100 mb. I tried to use expansion file but the cordova plugin was problematic. I still can’t figure it out how to make it work. I am thinking about serving my assets files from a web server but I don’t want to make the download url public. I’d like to make sure only my app can download the files. How should I do the authentication? I am considering using aws s3 for storing my assets. Or do you recommend other ways of serving static assets?
Any help would be much appreciated.


#2

Sadly, what you describe, although it sounds reasonable, is categorically impossible, unless you control the distribution of the app binary itself.

Anybody with a copy of the app binary can masquerade as “the app” for all practical purposes.


#3

Just to backup @rapropos - on the simplest version you could just put the content on a url that’s not easily discoverable, like a guid.

e.g.

www.website.com/3gf8394hrguerioghu3rqghreugherughreguierhguignrueihlg


#4

Many thanks for your reply! Then I will just choose any CDN to serve the files.


#5

Many thanks again for your help!