I’m developing a mobile app. I have a question, and here is the scenario.
If a person is logging into the app with the Google Sign-In API on a public network, the website will verify the user with his email ID and, if verified, the website will in return send the user details like his mobile number, address, and some other things. Meanwhile, from that public network, a person has sniffed the email ID of the user, and that person uses that email ID to retrieve the user details.
In this case, how can I verify the genuine user?
- Is there some other technique to overcome this?
- Should I use TLS to overcome this vulnerability?
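
The scenario above as an added example (not part of the original post): a backend that selects the record by a client-supplied email ID, next to one that accepts only a signed, expiring token issued for this app. The HMAC key stands in for the identity provider's signature (a Google ID token is a JWT checked against Google's public keys), and every name and value below is hypothetical or constructed.

```python
import base64, hashlib, hmac, json, time

# Constructed sample data; all names are hypothetical.
USERS = {"alice@example.com": {"mobile": "+1-555-0100", "address": "1 Example St"}}
IDP_KEY = b"constructed-idp-signing-key"  # stand-in for the provider's signing key
APP_AUDIENCE = "my-app-client-id"          # stand-in for the app's OAuth client ID

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def _sign(payload: str, key: bytes) -> str:
    return _b64(hmac.new(key, payload.encode(), hashlib.sha256).digest())

def issue_token(email, audience, ttl=300, key=IDP_KEY, now=None):
    """What the identity provider does after the user has authenticated."""
    now = time.time() if now is None else now
    claims = {"email": email, "aud": audience, "exp": now + ttl}
    payload = _b64(json.dumps(claims).encode())
    return payload + "." + _sign(payload, key)

def details_by_email(email):
    """Pattern from the question: knowing the email ID is enough."""
    return USERS.get(email)

def details_by_token(token, now=None):
    """Hardened: check signature, audience and expiry before any lookup."""
    now = time.time() if now is None else now
    try:
        payload, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(payload, IDP_KEY)):
            return None  # forged or tampered token
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except (ValueError, TypeError, AttributeError):
        return None      # malformed input, e.g. a bare email ID
    if claims.get("aud") != APP_AUDIENCE or claims.get("exp", 0) < now:
        return None      # issued for another app, or expired
    return USERS.get(claims.get("email"))
```

The token is itself a bearer credential until it expires, so it still has to travel over TLS; the signature check replaces trusting the email ID, not the encrypted transport.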