mardi 30 juin 2015

API or put the logic inside the app?

I'm busy building an app for android. When it's properly received by Android users I would like to expand to iOS.

But, before we get there, I first want to make the right choice. So my question, what to do?:

  1. writing all the logic inside the app and use Cognito (http://ift.tt/1R2Cu2t) to access the data from DynamoDB
  2. or let my app connect with my own API which handles the validation rules, which I then connect with DynamoDB database (don't know or API -> Cognito -> DynamoDB is a better solution, didn't really used it yet so...).

Now we all know about those issues where hackers built ways to bypass certain validation rules (as far as I read, most commonly by decompiling the app). I really want to avoid that!

So what do you experienced Android developers use? I know the answer seems obvious. But the reason I ask this is because I would like to avoid having my infrastructure, which I need to update etc. But to be able to register users, without the need of an third party which supports OpenID like twitter, facebook or Google, AND secure my validation rules, it seems like I have no choice. Or do I?




Aucun commentaire:

Enregistrer un commentaire