Hello guys, I am using Ionic 2 and I have placed json in assets folder. I have successfully compile the code and created apk.
Now the problem is if some technical/wise user extract apk using winrar, It shows assets folder in extracted files but I don’t want to public that JSON file. I want to hide json somewhere in apk which user cann’t access.
All real security is on the server side, and the most critical part is behind Firebase/Google, which we assume to be a hardened gateway. We have a directory on the server that the client cannot read, which lists the user id’s with administrative access. The server enforces these rules, and also reports to the client if an admin signs into the app. Then the client (i.e., the app) exposes edit and delete buttons that a standard user can’t see. Someone who hacks the app could expose the buttons anyway, but would be unable to delete, because the server would not permit it. Finally, the admin accounts all have two-factor authentication enabled.
So the role of the client side of security is cosmetic, while the role of the server side is to enforce rules.
Re: your JSON file: it depends what you need it for. But in general, people make money on the internet by giving a lot of stuff away, and then offering things for sale on top of that. So you might not need to protect as much information as you think you do.