I’d like to collect some ideas what you guys do to ensure nobody just copies your app, modifies it (e.g. replacing bundle id, AD ids, IAP ids, …) and puts it online as copied version.
Do you know any good resources about that topic for cordova/ionic apps?
So what I’m doing so far:
encrypting AD/IAP ids
encrypting all values stored to DB
highly obfuscating this encryption/decryption logic and anything closely related
Yes I know @Sujan12. The idea is just to make it as hard as possible, as always in security topics… The more time they need to invest and the more complicated it gets, the more unlikely it will be. But sure, there’s never the 100% solution and there is always the risk.
you could make a request to a server in your code and don’t start the app if it is called - with uglify it would be difficult to restore[ unless they like using the debugger]. ( --prod --release when building it)
One way to make it harder is to move as much logic and credentials to your server, so you have a point where you can block or redirect requests. If your app talks to an API, don’t talk to it directly but via a simple file on your server.
I once saw a gulp plugin that does some Js encryption using AES. It generates a byte array with encrypted data. Made a couple of experiments but didn’t find a reliable way of recovering the encryption key without exposing the logic behind that endpoint .
There are numerous articles on the internet, which point out, that you most likely don’t need to worry about copycats. So instead of worrying about copycats, you should focus on building your brand and the best app you can come up with.
Hope this helps. Though I wouldn’t go nuts since copy cats can just create a new app off your current one by copying it’s look and features without ever viewing/copying any of the underlying code. In my opinion the hardest part of app development is coming up with the idea. Therefore, I suggest copyrighting your app and then suing anyone who creates a knockoff that can cost you business.