Hello,

For secure access we have the following options as far as I understand:

1. use SSL between the API endpoint and the Layar gateway server (prevent eavesdropping)

2. use OAuth to authenticate requests from the layar gateway server (prevent unauthorized access by other parties than Layar)

The latter is documented (more or less) here: http://layar.pbworks.com/w/page/7783213/API-structure

BUT: how is the traffic between the Layar gateway server and the final client (the Layar app running on the user's handset) handled? What kind of security is there or can be enforced and how?

This is in many cases the most vulnerable connection as it travels through unknown mobile operators networks or even potential malicious open wifi access points.

I could not find any documentation how this is working and what guarantee there is regarding the protection of this part of the connection.