Security with Ionic


#1

Hi Guys, How secure is Ionic application? Is my source code will be available to Public when I publish ?
Can anyone give me more insight on this?


#2

Yes, the only thing you can do is to minify it.


#3

Thanks, Does Ionic cache the data response ? Is data safe ?


#4

I am trying to understand how safe and secure using Ionic framework in production level.


#5

As far as I know ionic view caching is in memory, not persisted.

Data caching is developer’s choice and responsibility, for instance it is disabled by default in AngularJS $http.

Beside that, I consider that data is as safe as it is in a desktop browser running a single page application.


#6

For additional information NATIVE APPS are also has weak security. So if you afraid of something just dont build an app.


#7

that was a good piece of information ,Thanks . :smile:


#8

I understand that ,… Thanks for the info, :smile:


#9

Good article:


#10

The same problem exist in compiled c# or java which may be decompiled.

If the app is a lite weight frontend the real core may be safe at the backend.


#11

Sure @mrsoto. The best way to secure an app is secure BACKEND service!


#12

You can do the following to encrypt your js files.

  1. First concatenate all js files into 1 file and compress it here: http://jscompress.com/
  2. Obfuscate the compressed file here: https://javascriptobfuscator.com/Javascript-Obfuscator.aspx

Now replace the source js files from your solution with the obfuscated js file. Your app will run just fine. Only drawback, file size will increase a bit, but its really very hard to reverse engineer the js file.

Hope this help!!! Happy coding :smile:


#13

If you’re doing anything with data transfer there are a few things you could look at

  1. Use an API for all access.
  2. Use tokens for access
  3. Encrypt data where possible
  4. Ensure you use data access policies on any data tables so people can only access their own data EVEN though they are going via the API
  5. Authenticate every call against the token

There are far more comprehensive answers out there with regard to this.

With regard to protecting your code - short answer is that you can’t really. You can make it harder for users by minifying etc but it can all be undone if someone really wants to. Ideally by using API calls and storing your core functionality remotely there isn’t any easy way for someone to just ‘clone’ your app without being able to know and then entirely rewrite the back end.

Hopefully that helps a little.


#14

Hey @prashanth17naik,

Doesn’t matter if you use native code or hybrid code, it is very easy to see the source code to your application:

Like other people shared, the best thing you can do is minfiy your code. However if someone is dedicated enough, they can still work around it.

Best,


#15

Hey dude, i try doing this solution but my app is not opening correctly, i just have an app.js and the ionicbundle.js etc… what do i have to concatenate all js into 1 and how do i do it?