csv - Is it possible to remotely host a resource used in an Android app in such a way that it can only be used by my app?
I am basically trying to achieve hosting a CSV file that is retrieved and used by my application as the source of data to populate tables. The CSV will be updated with the latest data, and I envision every app getting the latest version to ensure the data within is up to date.
My question is around whether it is possible to ensure the remote CSV resource is only used by my application.
Presumably, if I did this with a plain URL, the location of the CSV could be sniffed and the path used by others. I don't see how to restrict access, since users will be using the app's connection.
If I use some sort of encryption on the file, the decryption key(s) could possibly be exposed if someone decompiled the Java APK file?
Are there any other approaches to ensure the CSV data source is only used by my app?
Thanks
(I am using CSV because the data isn't that complex and doesn't warrant a database. I've read a little about the app->webservice->database approach, but the issue is the same when using a database.)
The question to ask should be: how hard can I make a cracker's life? If you are distributing your app via the Play Store, have a look at this question; though it's marked as off topic, the answers and links are valuable.
I assume your app is not free (since the .csv seems to be valuable), so have a deeper look at the License Verification Library (LVL) and this blogpost, esp. the parts "Technique: Offload license validation to a trusted server" and "Technique: Make your application tamper-resistant".
In short, and as far as I understand it, the way to go is as follows:
- Upload the APK to Google and get the RSA public key.
- Implement the LVL request inside your application (without encryption and without the private key inside the application package!)
- Forward the LVL response to your server via POST on a secured SSL connection.
- On the trusted server, using the RSA private key, you should check the things mentioned in the blogpost, esp. put the requested user IDs into a database and count the requests for a single UID; if it's higher than average, you can assume this user ID is one used for invalid requests.
- Don't reply if anything goes wrong with a check.
- If everything is alright, reply with the CSV. Only persist the data on the Android client if you want the user to be able to use the CSV without a connection, or else a rooted device or cracked APK can gain access and redistribute the CSV. Better: push only the requested parts (e.g. lines) of the CSV to the user.
See this question and look up replay attacks and how to prevent them, so as not to let someone replay a call that provided the CSV or parts of it (e.g. sequence numbers per UID).
Obfuscate the code as much as possible to make the work harder, as @vincefr mentioned already.
There are still attacks, like these two:
- Root the device, inspect the stored CSV and redistribute it - that's why you don't want to store the CSV on the client.
- Reverse engineer the app, log the complete CSV once it is received and use it, or remove the LVL code to use the app for free - that's why you still have to obfuscate and send only the parts requested.
Even checksumming, using the PackageManager, the APK signature etc. won't be 100%.
But in fact, until the client first downloads the CSV (or any other data), your data is safe. It's safe as long as you can trust your users (e.g. a limited user circle of trust, an in-house application or something; then you should prefer Android's VPN options to access the file). After that, it's only a question of the time and effort put into cracking the app and getting the valuable CSV - and the question is whether it's worth putting the time into it.
An additional link providing more information and links on LVL, just in case.
Have a nice read on these links and remember: making it hard enough to make it unvaluable can't stop crackers from taking value from the success - what I mean is, cracking some kind of "crack-proof" software is even more valuable, without getting paid or something, to that kind of people.
PS: See this answer on another question about "crack-proof" software - a website and its data can be duplicated, if it's worth it.
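The server-side checks listed in this answer (no reply when a check fails, per-UID request counting against the average, per-UID sequence numbers against replays, replying with the requested lines only), as an added example that is not part of the original answer. It assumes the license response signature has already been verified (`license_ok`) and that `seq` is taken from that verified data; `CsvGate`, its thresholds and the sample rows are hypothetical.

```python
import csv
import io

# Constructed sample data standing in for the protected CSV.
CSV_TEXT = "id,name,price\n1,alpha,10\n2,beta,20\n3,gamma,30\n"
ROWS = list(csv.reader(io.StringIO(CSV_TEXT)))


class CsvGate:
    """Replay check, per-UID abuse check and partial replies on the trusted server."""

    def __init__(self, rows, abuse_factor=5, max_rows=2):
        self.rows = rows
        self.abuse_factor = abuse_factor  # hypothetical: reject above N times the average
        self.max_rows = max_rows          # never hand out the whole file in one reply
        self.last_seq = {}                # uid -> highest sequence number accepted
        self.count = {}                   # uid -> number of accepted requests

    def _looks_shared(self, uid):
        # Average over the other UIDs so a heavily used UID cannot raise its own bar.
        others = [c for u, c in self.count.items() if u != uid]
        if not others:
            return False
        avg = sum(others) / len(others)
        return self.count.get(uid, 0) + 1 > self.abuse_factor * max(avg, 1)

    def handle(self, uid, seq, license_ok, first_row, n_rows):
        """Return the requested rows, or None (meaning: send no reply) on any failure."""
        if not license_ok:                      # assumption: signature verified upstream
            return None
        if seq <= self.last_seq.get(uid, -1):   # replayed or reordered request
            return None
        if self._looks_shared(uid):             # UID used far more than average
            return None
        if first_row < 0 or not 1 <= n_rows <= self.max_rows:
            return None
        self.last_seq[uid] = seq
        self.count[uid] = self.count.get(uid, 0) + 1
        return self.rows[first_row:first_row + n_rows]
```

State is kept in memory here; the answer's suggestion of a database applies as soon as more than one server process handles requests.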