How to secure my code against reverse engineering?

Hello everyone!
Need help ASAP!
Are there any docs/tuts for making an app's source more secure?
There is a big security issue: the app source is readable by unzipping the APK file.

Please give any ideas to secure it.
I'm using a REST server for my backend.

There’s something called “obfuscation” which essentially means that the generated output is more abstract than the code you’ve written so it would be harder for others to understand it after decompilation.

Read this : http://stackoverflow.com/questions/149937/creating-non-reverse-engineerable-java-programs

Maybe it would help you with some of the concepts

1 Like

I think in short, you cannot prevent reverse engineering, especially for what is essentially an HTML/JS/CSS application. As mentioned, you can obfuscate the code, but if someone REALLY wanted your app code, they could get it.

I quickly decided that the benefits Cordova/Ionic give me in relation to ease of cross-platform development far outweigh the negatives of the source code being basically openly available.

To be clear, this is not just a Cordova/Ionic issue, you can effectively reverse engineer any APK/IPA file, there are even online services that let you upload said package and they return the source, simple as that. As an example, I just decompiled the Android Twitter client via the form.

Ideally I would prefer the code wasn’t so available, but if anything this improved my focus for what I might consider security issues. The apps I have made also access a remote API and it is within this API that all of the security measures occur. I coded the app as if it were open source, so there are no short cuts or cheats for security that can be hidden there.

Doesn’t really help you I know, but there we go.

Minifying and uglifying your code is a good step; it prevents someone from reading the code very easily.

1 Like
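An audit in the spirit of the post above that treats the app as if it were open source, as an added example that is not part of the thread: it opens an APK as the zip file it is and flags values in the web assets that should live behind the remote API. The patterns, the `assets/www/` default root, and the sample bundle are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Assumed patterns for values that belong on the server, not in the shipped bundle.
SECRET_PATTERNS = {
    "hard-coded credential": re.compile(
        r"""(?i)\b(api[_-]?key|secret|passw(?:or)?d|token)\b["']?\s*[:=]\s*["']([^"']{8,})["']"""),
    "private key block": re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
    "client-side auth decision": re.compile(r"(?i)\bis_?admin\s*[:=]\s*true\b"),
}
TEXT_SUFFIXES = (".js", ".json", ".html", ".xml")


def audit_apk(apk, web_root="assets/www/"):
    """Return sorted (path, line_no, finding) tuples for text files under web_root."""
    findings = []
    with zipfile.ZipFile(apk) as zf:
        for info in zf.infolist():
            name = info.filename
            if not name.startswith(web_root) or not name.endswith(TEXT_SUFFIXES):
                continue  # skip drawables, native code and other non-web entries
            text = zf.read(info).decode("utf-8", errors="replace")
            for line_no, line in enumerate(text.splitlines(), start=1):
                for label, pattern in SECRET_PATTERNS.items():
                    if pattern.search(line):
                        findings.append((name, line_no, label))
    return sorted(findings)


def build_sample_apk():
    """Constructed sample: an in-memory zip laid out like a Cordova APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("assets/www/js/config.js",
                    'var API_URL = "https://api.example.invalid";\n'
                    'var apiKey = "constructed-sample-key-123";\n')
        zf.writestr("assets/www/js/app.js",
                    'function login(u, p) { return post(API_URL + "/login", u, p); }\n'
                    'var user = { isAdmin: true };\n')
        zf.writestr("res/drawable/icon.png", b"\x89PNG")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for path, line_no, label in audit_apk(build_sample_apk()):
        print(f"{path}:{line_no}: {label}")
```

Run against a release build, `audit_apk("app-release.apk")` (a hypothetical file name) inspects the same files anyone gets by unzipping the package, so minification does not hide a string literal from it.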

One of my subscribers showed me the following:

I have no further information on its quality though.

7 Likes

Thank you everyone!
:slight_smile: Anyway, I got more than no comments at all.
I guess I will use uglify, minify and so on, but there are no apps which are truly secured with them.

Offtopic:
Thank you for the video tutorial series on your YouTube channel.
Please keep doing this :smile:

No problem. I have a bunch queued up :smile:

1 Like

By just unzipping I can access the complete code and drawables of any Ionic-developed app…

This is absolutely terrible. Why can't Ionic apply some security measure to prevent the source code from being read? No no no.

Because there isn’t really any concept of “source code” versus “object code” in an interpreted language like JavaScript. If the JavaScript can’t be read, the program can’t be run.

You can still obfuscate your code during the build process using either js-obfuscator or obfuscator from npm. You could probably even use both, sequentially, if their scrambling algorithms are any different. Well-obfuscated JS code is not much different than Java code compiled into pseudoassembly within .class files.

There is also a commercial solution called jscrambler.

There’s also an online tool to quickly paste js code in and one-click obfuscate it, in case you want to test the waters.

I have no idea how/if obfuscating your code impacts performance, although I believe it shouldn’t affect it noticeably.

This is the best plugin for Cordova/PhoneGap app source code security.
Try this plugin: cordova plugin add https://github.com/tkyaji/cordova-plugin-crypt-file.git