Login/Register
Prevent reverse engineering of ionic application
Asked Answered
Solved angularjscordovaionic-frameworkproguardcordova-plugin-proguard
T

2

9

Is there a way to prevent reverse engineering of ionic mobile application? As mentioned in Android forum I've activated proguard and built the application in eclipse. A file called proguard was created in my bin folder. It contained something like this

 view AndroidManifest.xml #generated:6 
-keep class com.fg.lolc.CordovaApp { <init>(...); }

But I still could reverse engineer the app and I was able to get the code from my APK. Is there a way to prevent this and improve the security of the ionic application? Thanks.

Townshend answered 9/12, 2014 at 3:44 Comment(1)
use cordova-plugin-proguardCollectivize
D
10

Nope, it isn't possible to prevent this. You can encode your JavaScript to make it a little harder to get the code, but there are always ways to reverse that. The web is not a secure place for source code, it is open for all.

Here is a good post about different ways to 'encrypt' your source code, to make it harder to read.

http://www.justbeck.com/three-ways-to-encrypt-phonegap-and-cordova-mobile-applications/

Related How to avoid reverse engineering of an APK file?

Dogy answered 9/12, 2014 at 5:43 Comment(3)
You might also check out this: blog.nraboy.com/2014/11/extract-android-apk-view-source-codeMarxist
Hey Jeremy, why don't you discuss this in the Ionic Book? I recently posted the question on chapter 6. Thanks for the feedback, although I wasn't able to resolve that. Working on a different app.Inquire
I could have discussed it, though it isn't something that I considered a requirement. I wanted to keep the book focused, so it didn't make the cut.Dogy
D
3
if you want secure your ionic app from  reverse engineering and fully 
secured source code i recommended two steps.
First use Enable ProGuard into cordova/ionic project 

1. To implement this, open /platforms/android/project.properties and 
   uncomment one line by removing the “#” at left:
   #proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-
   project.txt

2.copy proguard-custom.txt from ( https://github.com/greybax/cordova-plugin-
    proguard/blob/master/proguard-custom.txt ) 
                   to
     $android/assets/www/proguard-custom.txt Remove '#'
     #-keepclassmembers class android.webkit.WebView {
     # public *;
     # }

3. add snippet from to build.gradle
     Find buildTypes by ctrl + F and add like this 
    buildTypes {
    debug {
        minifyEnabled true
        useProguard false
        proguardFiles getDefaultProguardFile('proguard-android.txt'),
                'proguard-rules.pro'
    }
    release {
        minifyEnabled true
        proguardFiles getDefaultProguardFile('proguard-android.txt'),
                'proguard-rules.pro'
       }
   }

Second use cordova-plugin-crypt-file
obfuscate or encrypt your code like build/main.js
1)Install cordova plugin add cordova-plugin-crypt-file
2)plugins/cordova-plugin-crypt-file/plugin.xml

  //Using Refrence of cordova-plugin-crypt

  <cryptfiles>
     <include>
         <file regex="\.(htm|html|js|css)$" />
    </include>
    <exclude>
        <file regex="exclude_file\.js$" />
    </exclude>
  </cryptfiles>

Final step ionic cordova build android --release
 Now extreact your apk  or try APK decompiler 
  (http://www.javadecompilers.com/apk)
Drumm answered 5/10, 2017 at 6:58 Comment(1)
Thank you so much for your explanation! Helped me out to get started and add a bit of security to my work. Had to disable the "minifyEnabled" part of proguard cause it leads to failures. I also had to quickfix the cordova-plugin-crypt-file plugin found here: github.com/tkyaji/cordova-plugin-crypt-file/issues/59Emmerie

© 2022 - 2024 — McMap. All rights reserved.