Is there a way to protect the contents of the /www folder?


#1

Hi everyone,

I’ve noticed that there are a couple of tools out there that can break apart an .apk file which will allow someone to get access to basically all of its contents, including compiled .class files, javascript, templates, html, images and whatever else.

I’ve actually tried one of these “apk break apart” applications on a few sample apk’s and it does in fact allow you to get to all of it’s assets.

My question is the following:

Does anyone know of a way of protecting an .apk’s internal assets from prying eyes if someone got access to an app’s apk and breaks it apart? I’m looking to protect proprietary code, images and whatnot.

Any ideas / techniques or links are appreciated.

EDIT: I’m talking about more hardened techniques besides the general uglify / minify, such as password protecting a .zip containing most of the /www folder, etc.

~ Brad


#2

Hi, maybe use minification and obfuscation, there is a grunt tool that allow you to uglify your code


#3

I’m talking about more hardened techniques besides the general uglify / minify, such as password protecting a .zip containing most of the /www folder, etc.


#4

You could try to encrypt your files. This article discusses a possible approach (iOS only).


#5

Hmmm… that’s interesting. That article gives me some ideas.


#6

If your code is too sensitive to be in an app store, you’re coding it wrong. Even apple apps can be decompiled and ripped apart, which is why and how they’ve been able to jail break iOS, root Android, etc. You can minify and obfuscate your code, but it’s a lot of added work and it’s always possible that it would break parts of your app so you have to re-test everything a bunch.

What kind of sensitive stuff is in the app specifically? Document encryption? User auth?


#8

Okay, that was extremely rude and you’re not giving us a good amount of detail to help. If there is a specific reason why you need something encrypted one of us might have an idea how to do that securely outside of JavaScript somehow. I wish you the best luck but please don’t treat people like that on the forums. I feel extremely disrespected and uncomfortable. This is an open place to learn, grow, and gain ideas.


#10