Question

I'm currently developing an application for Android using Phonegap (HTML+JS), with PHP as the server platform. Here is my current login process:

  • I store a secret app ID (let's call it app_id) in the JavaScript, which will later be stored in the APK file.
  • Whenever a user wants to register from the Android application, he/she needs to enter, for example: email, password, and his/her gender. The application will then send the following data to the server:

    POST https://mywebsite.com/register.php?app_id=[MY_SECRET_APP_ID]&email=[EMAIL_ADDRESS]&password=[PASSWORD]&gender=[GENDER]

I also plan to use HTTPS on my website.

My questions are:

Is this secure enough? I think that maybe someone could guess MY_SECRET_APP_ID, or use a specific method to get it, and then he/she could do "registration spam" against my server.

Is there any reference for a registration method using Phonegap?

Thanks for your answer.


Solution

Consider that every APK can be unpacked, and so is readable! On top of that, if you don't use SSL, all your requests can be sniffed (like Jamie says).

Try to make a code that changes over time, like a reversibly encryptable string, time-based.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow