Let me explain the context of my question. I'm designing an application in Android that works consuming a web service. For all inquiries carried out to that web service, you must authenticate to each perform.
I tried to use SSL certificates for greater security, but at the moment it is too advanced for me just knowing how to create a certificate, then install it on the server and on the client and the connection between them that way (If anyone has a tutorial will be welcome).
For now, I managed to connect via http without any protection. To authenticate the device that performs, IMEI shipping plus a random password (created in the registry).
Well, my question is whether this is an acceptable way or is there more optimal way that take care information that those using the app.
Thank you very much for your help, since I have no one else to turn.