Secure Communication

Careful attention to security and privacy can be the difference between launching a successful business and landing in a court of law. And since the consequences can be so serious, I've dedicated this article to ensuring that the communication between a mobile device and the server is secure.

There are a number of aspects to security and privacy, but this article will focus on the communication channel. To that end, I'll switch the communication protocol from HTTP to HTTPS.

Wikipedia defines HTTPS as follows: "Technically, it is not a protocol in and of itself; rather, it is the result of simply layering the Hypertext Transfer Protocol (HTTP) on top of the SSL/TLS protocol, thus adding the security capabilities of SSL/TLS to standard HTTP communications." That's a fairly technical definition, but the key point is this: As data travels from your mobile device to the server and back, no one who intercepts the traffic is able to read the content because it's encrypted in a way that only the device and the server can decipher.

The implementation of HTTPS on a mobile device doesn't require much of a change. And if you're lucky, your organization will have purchased and installed an SSL certificate on your server(s). However, for people developing (and testing) on a local machine, it's important to be able to generate and install a self-signed certificate. I'll describe the steps for creating and installing one in this article. I'll then describe the steps required to accept a self-signed certificate within a mobile app.