In the last section on Platform Security, it mentioned a way to secure the source code in PhoneGap apps.
Reverse engineering is a concern of many people that use PhoneGap since one can simply open an application binary and look at the JavaScript source code of the application. One could even go so far as to add malicious JavaScript code, re-package the application and re-submit it to app stores / markets in an attempt at app phishing. This practice could be undertaken with any application whether it is written with PhoneGap or otherwise since it is a similarly simple task to decompile either Java or Objective-C.
PhoneGap can actually get around this security concern since application developers can download JavaScript in their application at runtime, run that JavaScript, and delete it when the application closes. In that way, the source code is never on the device when the device is at rest. This is a much more difficult prospect with Java or Objective-C let alone the restrictions in the App Store around dynamically running Objective-C code.
However, I would like to know how I can prevent others from downloading my source code on the server?
I'd suggest annotating your code and then running it through Google's Closure Compiler, which will obfuscate it and perform certain optimizations. This will make it very difficult for people to read your code, but beyond that you're just going to have to live with the fact that JS is a client-side language.
How about the following pattern:
Continuous upgrading follows painlessly.
I would suggest:
When App gets started:
Rather than sending new js code, it's better to push json dynamic data and keep the js code obfuscated on the device.