I am working on an android application which gets some data from the web service that was also written by me in PHP. Now I want to make the connection between my android application and my web service secure enough so that no one can intrude in between. I have really no idea in which direction to go. Should I use the SSL and some certificate mechanism. Kindly guide me what to do
Thanks !
Use https / SSL for your web service, there are some common pitfalls when configuring this (certificate security, encryption algorithms, perfect forward secrecy etc). In addition, your app can validate that the certificate is not issued by "Hacked CA of Faraway" or "Evil Three Letter Agency Org" but from the CA you selected.
The only attack you are still facing is someone calling your webservice because your app probably has no certificate of its own. Use a basic auth that is compiled to your app or something simple. No real protection but better than nothing : )