diff --git a/backend/src/main/java/com/imeeting/config/AndroidApiSecurityConfig.java b/backend/src/main/java/com/imeeting/config/AndroidApiSecurityConfig.java
deleted file mode 100644
index 126f060..0000000
--- a/backend/src/main/java/com/imeeting/config/AndroidApiSecurityConfig.java
+++ /dev/null
@@ -1,21 +0,0 @@
-package com.imeeting.config;
-
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.core.annotation.Order;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
-import org.springframework.security.web.SecurityFilterChain;
-
-@Configuration
-public class AndroidApiSecurityConfig {
-
-    @Bean
-    @Order(1)
-    public SecurityFilterChain androidApiSecurityFilterChain(HttpSecurity http) throws Exception {
-        http.securityMatcher("/api/android/**")
-                .csrf(AbstractHttpConfigurer::disable)
-                .authorizeHttpRequests(authorize -> authorize.anyRequest().permitAll());
-        return http.build();
-    }
-}
diff --git a/backend/src/main/java/com/imeeting/config/WebSocketSecurityConfig.java b/backend/src/main/java/com/imeeting/config/WebSocketSecurityConfig.java
deleted file mode 100644
index a953c1d..0000000
--- a/backend/src/main/java/com/imeeting/config/WebSocketSecurityConfig.java
+++ /dev/null
@@ -1,21 +0,0 @@
-package com.imeeting.config;
-
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.core.annotation.Order;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
-import org.springframework.security.web.SecurityFilterChain;
-
-@Configuration
-public class WebSocketSecurityConfig {
-
-    @Bean
-    @Order(0)
-    public SecurityFilterChain webSocketSecurityFilterChain(HttpSecurity http) throws Exception {
-        http.securityMatcher("/ws/**")
-                .csrf(AbstractHttpConfigurer::disable)
-                .authorizeHttpRequests(authorize -> authorize.anyRequest().permitAll());
-        return http.build();
-    }
-}
diff --git a/backend/src/main/resources/application.yml b/backend/src/main/resources/application.yml
index 132fd57..7eafe19 100644
--- a/backend/src/main/resources/application.yml
+++ b/backend/src/main/resources/application.yml
@@ -42,6 +42,8 @@ unisbase:
     permit-all-urls:
       - /actuator/health
       - /api/static/**
+      - /api/android/**
+      - /ws/**
   internal-auth:
     enabled: true
     header-name: X-Internal-Secret