How to protect source code of chrome packaged app?

Asked 29/1, 2014 at 9:6 Answered 3/2, 2014 at 13:41

Solved javascript security google-chrome google-chrome-app copy-protection

If a chrome app can work offline it means that source code is downloaded somewhere.

My question is how to protect it?

The only thing that comes to my mind is minification of javascript code. Is there anything else?

Treaty answered 29/1, 2014 at 9:6 Comment(3)

Javascript is downloaded to the client machine (and can be manipulated there) for this reason it can never be secure or secret. As you say the best you can hope for is obfuscation. – Loveinidleness 29/1, 2014 at 9:8

@Liath, it seems to be an answer - post it. btw do you know where a source code located on the client machine? – Treaty 29/1, 2014 at 9:22

@Qvarta JS is going to be down to the browser in question - I'm afraid I don't know enough about chrome extensions to be able to tell you any more. Different question! – Loveinidleness 29/1, 2014 at 9:25

Javascript is downloaded to the client machine (and can be manipulated there) for this reason it can never be secure or secret. As you say the best you can hope for is obfuscation.

Loveinidleness answered 29/1, 2014 at 9:24 Comment(1)

I just downloaded a packaged app and ran it. I didn't see a way to inspect/manipulate the source code like with a web page. Any ideas? – Pearliepearline 2/2, 2015 at 22:55

There is nothing to protect it as all in the web.

But you can add a license text ;)

––––– Update: you can try to use snapshot if you use the nw.js

Elasticity answered 29/1, 2014 at 9:11 Comment(0)

You could try to put most of your app's functionality into a NaCL module. Good luck with that :-)

Eppie answered 29/1, 2014 at 18:55 Comment(0)

Javascript is downloaded to the client machine (and can be manipulated there) for this reason it can never be secure or secret. As you say the best you can hope for is obfuscation.

Loveinidleness answered 29/1, 2014 at 9:24 Comment(1)

I just downloaded a packaged app and ran it. I didn't see a way to inspect/manipulate the source code like with a web page. Any ideas? – Pearliepearline 2/2, 2015 at 22:55

From google developers FAQ

Can I sell a packaged app?
Yes, but there are risks in doing so. Specifically, it is easy for motivated people to bypass payments for packaged apps. This holds true even if you have used our Licensing API in your locally stored packaged app, since locally stored content is not secure and can be modified (including calls to the Licensing API). If you’d like to have the option of blocking access to your app by unauthorized users, selling a packaged app may not be the right solution for you. An alternative to consider is moving to a hosted app model with a server-side licensing check.

Treaty answered 3/2, 2014 at 13:41 Comment(0)

Recommended topics

Hot tags