How to copy protect PhoneGap Android app ? Is Android Market Copy protect feature useful?

Asked 27/5, 2011 at 19:30 Answered 28/5, 2011 at 11:57

Solved android cordova obfuscation google-play copy-protection

I have PhoneGap app in Android. Now I am ready to publish it, but I would like to protect the app from eyes of script-kiddies. I first thought that it is impossible, than I have discovered "Copy protection" feature when publishing the app on the market. So I was excited, but when I turned it ON, it didn't actually does nothing.

I can install the app on the rooted phone with no problem, I can copy it on SD card and see all the sources. I thought that this "Copy protection" feature will not allow people with rooted phones to install the app. Or am I missing something ?

Is there ANY way how to make it at least difficult, if not disable it at all, for people to see all my HTML and JS sources in my app ?

Falco answered 27/5, 2011 at 19:30 Comment(2)

The 3 first answers are too general. I am looking for something more specific for PhoneGap app in Android. How to make the assets (HTML+JS+DB) unreadable or obfuscated, so it will be very hard to use them by someone evil ? – Falco 27/5, 2011 at 19:47

possible duplicate of How to encrypt HTML+JS assets in Android Phonegap mobile app? – Grease 2/4, 2012 at 15:13

The copy protection feature has been deprecated by Google. Do not use it.

Use ProGuard to obfuscate your code.
Encrypt your assets and decrypt them as you read them.
Use the Licensing mechanism if you have a paid app.

Cespitose answered 27/5, 2011 at 19:37 Comment(0)

The best combination I've found is the DojoToolkit and the Closure Compiler in Advanced Mode.

Closure in Advanced Mode makes JavaScript code almost impossible to reverse-engineer, even after passing through a beautifier. Once your JavaScript code is obfuscated beyond any recognition and any possibility to reverse-engineer, your HTML won't disclose much of your secrets.

This link for using the Dojo Toolkit with the Closure Compiler in Advanced Mode for mobile applications:

http://dojo-toolkit.33424.n3.nabble.com/file/n2636749/Using_the_Dojo_Toolkit_with_the_Closure_Compiler.pdf?by-user=t

Uncomfortable answered 28/5, 2011 at 11:57 Comment(0)

The Android market copy protection is so not useful that Google is planning to remove it.

If you want it to be difficult to view your embedded resources you should encrypt them. This will not make it impossible, just more difficult. After all, the decryption key must be accessible by your app, and you should assume that everything your app can do can be observed by someone dedicated towards it.

Bilbe answered 27/5, 2011 at 19:39 Comment(0)

The Copy Protection feature is going to be phased out IIRC. You need to use the Application Licensing service instead. I tried it a while ago & it was giving a few false "Unlicensed" responses, but you can apply caching or ignore the results it gives.

Tandi answered 27/5, 2011 at 19:39 Comment(0)

Recommended topics

Hot tags