Prevent reverse engineering of ionic application

10.7k views Asked by At

Is there a way to prevent reverse engineering of ionic mobile application? As mentioned in Android forum I've activated proguard and built the application in eclipse. A file called proguard was created in my bin folder. It contained something like this

 view AndroidManifest.xml #generated:6 
-keep class com.fg.lolc.CordovaApp { <init>(...); }

But I still could reverse engineer the app and I was able to get the code from my APK. Is there a way to prevent this and improve the security of the ionic application? Thanks.

2

There are 2 answers

3
Jeremy Wilken On BEST ANSWER

Nope, it isn't possible to prevent this. You can encode your JavaScript to make it a little harder to get the code, but there are always ways to reverse that. The web is not a secure place for source code, it is open for all.

Here is a good post about different ways to 'encrypt' your source code, to make it harder to read.

http://www.justbeck.com/three-ways-to-encrypt-phonegap-and-cordova-mobile-applications/

Related How to avoid reverse engineering of an APK file?

1
Manoj Bhardwaj On
if you want secure your ionic app from  reverse engineering and fully 
secured source code i recommended two steps.
First use Enable ProGuard into cordova/ionic project 

1. To implement this, open /platforms/android/project.properties and 
   uncomment one line by removing the “#” at left:
   #proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-
   project.txt

2.copy proguard-custom.txt from ( https://github.com/greybax/cordova-plugin-
    proguard/blob/master/proguard-custom.txt ) 
                   to
     $android/assets/www/proguard-custom.txt Remove '#'
     #-keepclassmembers class android.webkit.WebView {
     # public *;
     # }

3. add snippet from to build.gradle
     Find buildTypes by ctrl + F and add like this 
    buildTypes {
    debug {
        minifyEnabled true
        useProguard false
        proguardFiles getDefaultProguardFile('proguard-android.txt'),
                'proguard-rules.pro'
    }
    release {
        minifyEnabled true
        proguardFiles getDefaultProguardFile('proguard-android.txt'),
                'proguard-rules.pro'
       }
   }

Second use cordova-plugin-crypt-file
obfuscate or encrypt your code like build/main.js
1)Install cordova plugin add cordova-plugin-crypt-file
2)plugins/cordova-plugin-crypt-file/plugin.xml

  //Using Refrence of cordova-plugin-crypt

  <cryptfiles>
     <include>
         <file regex="\.(htm|html|js|css)$" />
    </include>
    <exclude>
        <file regex="exclude_file\.js$" />
    </exclude>
  </cryptfiles>

Final step ionic cordova build android --release
 Now extreact your apk  or try APK decompiler 
  (http://www.javadecompilers.com/apk)