I'm building an Android app using Kotlin that communicates with a Ktor server running on a remote machine. Currently, the app uses the Ktor client over plain HTTP for sending GET, POST, and DELETE requests to the server. Here's the scenario:
- The app does not require user login or signup (no authentication).
- I want to secure the data being sent between the Android app and the server.
- Right now, all communication is happening in plain text over HTTP.
- Both client and server are written in Kotlin using the Ktor framework.

Server Sample Code (Ktor)
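
    import io.ktor.server.application.*
    import io.ktor.server.request.*
    import io.ktor.server.response.*
    import io.ktor.server.routing.*

    fun Application.module() {
        routing {
            // Return a fixed payload
            get("/data") {
                call.respondText("Here is your data")
            }
            // Read the request body as text and acknowledge it
            post("/submit") {
                val received = call.receive<String>()
                println("Received: $received")
                call.respondText("Data received")
            }
            // Echo back the id taken from the URL path
            delete("/delete/{id}") {
                val id = call.parameters["id"]
                call.respondText("Deleted item with id: $id")
            }
        }
    }
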
Android App Sample Code (Ktor Client)
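
    import io.ktor.client.*
    import io.ktor.client.engine.cio.*
    import io.ktor.client.request.*
    import io.ktor.client.statement.*

    val client = HttpClient(CIO)

    // All three calls currently go over plain HTTP (unencrypted)
    suspend fun getData() {
        // bodyAsText() reads the response body as a String
        val response: String = client.get("http://your-server-ip:8080/data").bodyAsText()
        println("GET response: $response")
    }

    suspend fun postData() {
        val response: String = client.post("http://your-server-ip:8080/submit") {
            setBody("Hello from Android")
        }.bodyAsText()
        println("POST response: $response")
    }

    suspend fun deleteData(id: String) {
        val response: String = client.delete("http://your-server-ip:8080/delete/$id").bodyAsText()
        println("DELETE response: $response")
    }

My Question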
What is the best way to secure this communication without implementing user authentication? Specifically:
- Should I use HTTPS (TLS/SSL)? If yes, how do I configure it on the Ktor server?
- Do I need a certificate? Can I use a self-signed certificate or something like Let's Encrypt?
- How do I make the Ktor client in Android trust the server’s certificate?

Any help with secure HTTPS setup for this client-server communication would be appreciated.