I am developing a mobile application. I have a question, and here is the stage.
If a person logs into the app with the Google Login API on a public network, the website will verify the user with their email ID and, if verified, will return the user's details, such as their mobile phone number, address and other information. Meanwhile, from that public network, a person has sniffed the email ID of the user, and that person uses that email ID to retrieve the user's details.
In this case, how can I verify the genuine user?
- Is there any other technique to overcome this?
- Should I use TLS to overcome this vulnerability?
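
The scenario in the question, as an added example that is not part of the original post: a backend that treats the email ID as the credential, beside one that accepts only a signed, audience-bound, unexpired token. It assumes an HMAC key shared with the issuer as an offline stand-in for the asymmetric (RS256) signature on a Google ID token; `ISSUER_KEY`, `CLIENT_ID`, `USERS` and all function names are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed values for this sketch; none come from the original post.
ISSUER_KEY = b"demo-issuer-key"   # stand-in for the identity provider's signing key
CLIENT_ID = "demo-app.example"    # audience value the backend expects
USERS = {"alice@example.com": {"phone": "555-0100", "address": "1 Demo St"}}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def issue_token(email, aud=CLIENT_ID, ttl=300, key=ISSUER_KEY, now=None):
    """Identity-provider side: sign the claims (HMAC here, RS256 in a real ID token)."""
    now = time.time() if now is None else now
    body = _b64(json.dumps({"email": email, "aud": aud, "exp": now + ttl}).encode())
    sig = _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"

def details_by_email(email):
    """Design from the question: the email ID alone acts as the credential."""
    return USERS.get(email)

def details_by_token(token, now=None):
    """Hardened: identity is taken only from a token whose signature verifies."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        expected = _b64(hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).digest())
        if not hmac.compare_digest(sig, expected):
            return None                      # forged or tampered token
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, AttributeError, TypeError):
        return None                          # malformed input, e.g. a bare email ID
    if claims.get("aud") != CLIENT_ID:
        return None                          # token was issued for a different app
    if claims.get("exp", 0) < now:
        return None                          # expired token
    return USERS.get(claims.get("email"))
```

A captured token can still be replayed until it expires, so the request carrying it also has to travel over TLS.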