For native apps, you can protect your source code by building a framework and accessing it like a black box.
For a React Native app, is it possible to build the business logic or some components into something similar? (e.g. npm packages, but how do you hide the source code? Is the best way to obfuscate the npm package with JScrambler?)
I'm building an app for a client; they didn't purchase the license to own the code, and they refuse to let us have access to their certs to publish the app. What are the alternatives to solve this issue?
Compared to native applications, it is highly vulnerable to extorting core logic and source code hacking. Applications developed with React Native have a high vulnerability to extorting core logic and source code hacking. Security per language mainly used in the mobile app is as follows.
Android - Keystore
react-native-encrypted-storage - uses Keychain on iOS and EncryptedSharedPreferences on Android.
react-native-sensitive-info - secure for iOS, but uses Android Shared Preferences for Android (which is not secure by default).
I think an offline bundle does the job:
For iOS
react-native bundle --dev false --entry-file index.js --bundle-output ios/main.jsbundle --platform ios
For Android
react-native bundle --dev false --entry-file index.js --bundle-output android/app/src/main/assets/index.android.bundle --platform android --assets-dest android/app/src/main/res/
With --dev false it is obfuscated (--minify true) by default.
Give your clients the android and ios folders for them to compile the native code themselves.
For JavaScript code, the best option is probably obfuscation, and JScrambler probably works well. I do not know any other good solution than obfuscation for this particular issue.
I work on a team that just released a new JavaScript obfuscation product, JSDefender, and it has specific support for React Native that maybe you could try as an alternative to JScrambler.
You can use these scripts in your package.json. Also it's good for performance.
"bundle-ios": "react-native ram-bundle --entry-file index.js --platform ios --dev false",
"bundle-android": "react-native ram-bundle --entry-file index.js --platform android --dev false"
And I don't know which version of React you use, but if you use a version higher than 0.60.4, you should check out Hermes, which can be used for Android; it converts your JS to bytecode.
Use the following obfuscator: react-native-obfuscating-transformer
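To check what the bundle, ram-bundle and Hermes answers above actually leave in the artifact you hand over, here is an added example (not from any of the answers) that classifies a bundle file by its header bytes and flags readable source, dev builds and source map references. The header constants are assumed from the Hermes and Metro sources; the sample buffers and the 200-character minification threshold are constructed for illustration.

```javascript
// Added example (not from the thread): identify what a shipped React Native JS
// artifact actually contains, from its leading bytes and a few text heuristics.
const HERMES_MAGIC = Buffer.from('c61fbc03c103191f', 'hex'); // 0x1F1903C103BC1FC6, little-endian (assumed from Hermes source)
const RAM_BUNDLE_MAGIC = 0xfb0bd1e5; // RAM bundle header (assumed from Metro source)

function classifyBundle(buf) {
  if (buf.length >= 12 && buf.subarray(0, 8).equals(HERMES_MAGIC)) {
    // The 32-bit field after the magic is the bytecode version.
    return { format: 'hermes-bytecode', version: buf.readUInt32LE(8), readableSource: false,
             findings: ['string literals are still stored in the bytecode file'] };
  }
  if (buf.length >= 4 && buf.readUInt32LE(0) === RAM_BUNDLE_MAGIC) {
    return { format: 'ram-bundle', readableSource: true,
             findings: ['modules are stored as JavaScript source text'] };
  }
  const text = buf.toString('utf8');
  const findings = [];
  // Heuristic: minified output has very long lines; hand-written code does not.
  const avgLine = text.length / text.split('\n').length;
  const minified = avgLine > 200;
  if (!minified) findings.push('not minified: original names and formatting are intact');
  if (/__DEV__\s*=\s*true/.test(text)) findings.push('dev build: bundle was not built with --dev false');
  if (/\/\/[#@]\s*sourceMappingURL=/.test(text)) findings.push('source map reference present');
  return { format: 'plain-js', minified, readableSource: true, findings };
}

// Constructed samples (not real app bundles).
const SAMPLES = {
  hermes: Buffer.concat([HERMES_MAGIC, Buffer.from([0x60, 0, 0, 0]), Buffer.alloc(16)]),
  ram: Buffer.concat([Buffer.from('e5d10bfb', 'hex'), Buffer.alloc(8)]),
  devJs: Buffer.from('var __DEV__ = true;\nfunction price(a) {\n  return a * 2;\n}\n//# sourceMappingURL=index.map\n'),
  releaseJs: Buffer.from('var __DEV__=false;' + '__d(function(g,r,i,a,m,e,d){m.exports=1},0,[]);'.repeat(20)),
};

for (const [name, buf] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(classifyBundle(buf)));
}
```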