Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

React-Native app reverse engineering and obfuscation

Is react-native expo generated apk obfuscated?

exp build:android

How can I retrieve my react native JS source code back using that apk? Do I need dex to java compilers for this purpose?

Looking for your valuable suggestions as I am concerned about the security of my react native app and trying to compare obfuscated vs non-obfuscated code

like image 449
artsnr Avatar asked Oct 04 '18 07:10

artsnr


People also ask

Can we reverse engineer a React Native app?

Reverse Engineering process of the React Native application is ease. Sensitive credentials and API endpoints can often be extracted from React Native applications by analyzing the JavaScript code. If you're building React Native apps with sensitive logic, be sure to protect them against code theft.

Does React Native obfuscate code?

Non-Native Code Obfuscation can be added to any Xamarin, Cordova or React Native JS application on iOS or Android instantly, without code or coding.

How do I secure API keys in React Native?

If you must have an API key or a secret to access some resource from your app, the most secure way to handle this would be to build an orchestration layer between your app and the resource.


1 Answers

There is no need to decompile the app using dex to java tools.

If you generate a production build it will be minified, but this is far from being a high level obfuscation which you can try to achieve with react-native-obfuscating-transformer

You can find the js bundle by opening the apk with a zip archive manager. The bundle will be at:

/assets/index.android.bundle

In anycase, any client side code should be treat as unsafe, if you need security use your backend to handle it.

like image 190
Or Duan Avatar answered Oct 02 '22 20:10

Or Duan