Security with Ionic

prashanth17naik · October 6, 2015, 3:43pm

Hi Guys, How secure is Ionic application? Is my source code will be available to Public when I publish ?
Can anyone give me more insight on this?

gmarziou · October 6, 2015, 5:35pm

Yes, the only thing you can do is to minify it.

prashanth17naik · October 6, 2015, 6:06pm

Thanks, Does Ionic cache the data response ? Is data safe ?

prashanth17naik · October 6, 2015, 6:28pm

I am trying to understand how safe and secure using Ionic framework in production level.

gmarziou · October 6, 2015, 8:50pm

As far as I know ionic view caching is in memory, not persisted.

Data caching is developer’s choice and responsibility, for instance it is disabled by default in AngularJS $http.

Beside that, I consider that data is as safe as it is in a desktop browser running a single page application.

cybernatic · October 6, 2015, 9:06pm

For additional information NATIVE APPS are also has weak security. So if you afraid of something just dont build an app.

prashanth17naik · October 7, 2015, 7:10pm

that was a good piece of information ,Thanks .

prashanth17naik · October 7, 2015, 7:11pm

I understand that ,… Thanks for the info,

gmarziou · October 7, 2015, 8:47pm

Good article:

mrsoto · October 8, 2015, 4:46pm

The same problem exist in compiled c# or java which may be decompiled.

If the app is a lite weight frontend the real core may be safe at the backend.

cybernatic · October 8, 2015, 7:59pm

Sure @mrsoto. The best way to secure an app is secure BACKEND service!

akhil · October 9, 2015, 3:43pm

You can do the following to encrypt your js files.

First concatenate all js files into 1 file and compress it here: http://jscompress.com/
Obfuscate the compressed file here: https://javascriptobfuscator.com/Javascript-Obfuscator.aspx

Now replace the source js files from your solution with the obfuscated js file. Your app will run just fine. Only drawback, file size will increase a bit, but its really very hard to reverse engineer the js file.

Hope this help!!! Happy coding

fox · October 9, 2015, 4:08pm

If you’re doing anything with data transfer there are a few things you could look at

Use an API for all access.
Use tokens for access
Encrypt data where possible
Ensure you use data access policies on any data tables so people can only access their own data EVEN though they are going via the API
Authenticate every call against the token

There are far more comprehensive answers out there with regard to this.

With regard to protecting your code - short answer is that you can’t really. You can make it harder for users by minifying etc but it can all be undone if someone really wants to. Ideally by using API calls and storing your core functionality remotely there isn’t any easy way for someone to just ‘clone’ your app without being able to know and then entirely rewrite the back end.

Hopefully that helps a little.

nicraboy · October 9, 2015, 4:16pm

Hey @prashanth17naik,

Doesn’t matter if you use native code or hybrid code, it is very easy to see the source code to your application:

Like other people shared, the best thing you can do is minfiy your code. However if someone is dedicated enough, they can still work around it.

Best,

aarondeveloper · October 7, 2016, 5:57pm

Hey dude, i try doing this solution but my app is not opening correctly, i just have an app.js and the ionicbundle.js etc… what do i have to concatenate all js into 1 and how do i do it?