I want to create a small Android chat app which is able to communicate over SSL with other clients. I want to do this by packing the truststore containing the server's certificate in the .apk file which installs the app.
Now my question is: Is this the right way to do that or is there a better way? I just want to make sure that the app currently only trusts my server.
Do you mean that you want to have one device connect directly to another device? That is most likely not going to work (firewalls etc.) - you will very likely end up with the traffic going through a central hub. In which case the problem boils down to an SSL connection to one server (the certificate of which is well-known in advance).
Sorry if I didn't explain it understandably:
I actually want my device to connect to one known server as a central hub. The clients' truststores should contain the server's certificate (which is well-known, as you said). All I wanted to know now was if packing this truststore directly in the .apk-file (which installs android apps on a device) is a good solution to make my system possible.
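The setup described in this thread (a truststore shipped inside the .apk so that the client trusts only the one server) can be wired up as in the following added example, which is not code from any of the posters. The class name `BundledTrustTls`, its method names and the resource name mentioned afterwards are hypothetical.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper: TLS client that trusts only the bundled truststore.
public final class BundledTrustTls {

    // Builds an SSLContext whose only trust anchors are the entries of the
    // truststore read from the given stream (the file packed into the .apk).
    public static SSLContext contextFrom(InputStream truststore, char[] password)
            throws GeneralSecurityException, IOException {
        // Default keystore type is BKS on Android, PKCS12 on a current desktop JVM.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = truststore) {
            ks.load(in, password);
        }
        // Fail early instead of at handshake time if the bundled file is empty.
        if (ks.size() == 0) {
            throw new KeyStoreException("bundled truststore contains no certificates");
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        // Always pass the loaded store: init((KeyStore) null) would fall back
        // to the platform's default CA set and defeat the restriction.
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default RNG
        return ctx;
    }

    // Opens a socket to the central server using that context.
    public static SSLSocket connect(SSLContext ctx, String host, int port) throws IOException {
        SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        // A raw SSLSocket does not check the host name unless asked to.
        // Assumption: Android API level 24+ (or Java 7+) for this setter.
        SSLParameters params = socket.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        socket.setSSLParameters(params);
        socket.startHandshake(); // throws SSLHandshakeException for any other certificate
        return socket;
    }
}
```

In an Android app the stream would come from `getResources().openRawResource(R.raw.truststore)`, where `truststore` is an assumed resource name for the file placed under `res/raw`.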