The present invention relates to securing communications between a client and a server, and more particularly to securing a web server against an unauthorized mobile device client application.
Hybrid-mode mobile applications may run JavaScript® code inside a native container, which simplifies cross-platform development but exposes back-end servers to the possibility of being called by unauthorized applications. JavaScript is a registered trademark of Oracle America Inc., located in Redwood Shores, Calif. An attacker can inspect the JavaScript® code deployed with the application and write the attacker's own application that makes unauthorized calls to the server. Some known mobile application development frameworks may protect the server from modified code on a mobile phone by using a native implementation (e.g., a challenge token sent from a server to the application is processed by compiled native code, so that a third-party attacker cannot see the logic of the processing).