且构网 - Sharing what programmers run into in development

How would I secure a private API

Updated: 2023-12-04 22:33:28

What you want to do is employ mutually-authenticated SSL, so that your server will only accept incoming connections from your app and your app will only communicate with your server.

Here's the high-level approach. Create a self-signed server SSL certificate and deploy it on your web server. If you're using Android, you can use the keytool included with the Android SDK for this purpose; if you're using another app platform, similar tools exist for them as well. Then create a self-signed client certificate and deploy that within your application in a custom keystore included in your application as a resource (keytool will generate this as well). Configure the server to require client-side SSL authentication and to only accept the client certificate you generated. Configure the client to use that client-side certificate to identify itself and only accept the one server-side certificate you installed on your server for that part of it.

If someone/something other than your app attempts to connect to your server, the SSL connection will not be created, as the server will reject incoming SSL connections that do not present the client certificate that you have included in your app.

A step-by-step for this is a much longer answer than is warranted here. I would suggest doing this in stages as there are resources on the web about how to deal with self-signed SSL certificates in Android (I'm not as familiar with how to do this on other mobile platforms), both server and client side. There is also a complete walk-through in my book, Application Security for the Android Platform, published by O'Reilly.
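As an added example (not part of the original answer or the book), here is the client half of that setup in Java as an Android app would wire it: the app's own PKCS12 keystore supplies the client certificate, and a trust store holding only the server's self-signed certificate replaces the system CA list, so the handshake authenticates both directions. The class name, resource names, password handling and the use of PKCS12 rather than a keytool-default JKS are assumptions.

```java
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Client side of the mutual TLS setup: the app presents its own certificate
// and trusts exactly one server certificate. Resource names are hypothetical.
public final class PrivateApiClient {
    public static SSLContext buildMutualTlsContext(
            InputStream clientKeyStore, char[] clientKeyStorePassword,
            InputStream serverCert) throws Exception {
        // 1. The app's own identity: private key + self-signed client cert,
        //    shipped as a PKCS12 resource (e.g. raw/client.p12, hypothetical).
        KeyStore identity = KeyStore.getInstance("PKCS12");
        identity.load(clientKeyStore, clientKeyStorePassword);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(
                KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, clientKeyStorePassword);

        // 2. A trust store holding only the server's self-signed certificate:
        //    the platform CA bundle is bypassed, so no other server is accepted.
        Certificate pinned = CertificateFactory.getInstance("X.509")
                .generateCertificate(serverCert);
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null); // start empty, no system roots
        trust.setCertificateEntry("api-server", pinned);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        // 3. Combine both: the handshake now authenticates in each direction.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static int callApi(SSLContext ctx, String url) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        // Default hostname verification still runs: the pinned server cert
        // must carry the API host name in its Subject Alternative Name.
        return conn.getResponseCode(); // throws SSLHandshakeException on mistrust
    }
}
```

The server side is the mirror image: it is configured to request a client certificate and to trust only the client certificate the app ships, so a connection without it fails during the handshake rather than reaching any API code.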