Is react-native expo generated apk obfuscated?
exp build:android
How can I retrieve my react native JS source code back using that apk? Do I need dex to java compilers for this purpose?
Looking for your valuable suggestions as I am concerned about the security of my react native app and trying to compare obfuscated vs non-obfuscated code
Reverse Engineering process of the React Native application is ease. Sensitive credentials and API endpoints can often be extracted from React Native applications by analyzing the JavaScript code. If you're building React Native apps with sensitive logic, be sure to protect them against code theft.
Non-Native Code Obfuscation can be added to any Xamarin, Cordova or React Native JS application on iOS or Android instantly, without code or coding.
If you must have an API key or a secret to access some resource from your app, the most secure way to handle this would be to build an orchestration layer between your app and the resource.
There is no need to decompile the app using dex to java tools.
If you generate a production build it will be minified, but this is far from being a high level obfuscation which you can try to achieve with react-native-obfuscating-transformer
You can find the js bundle by opening the apk with a zip archive manager. The bundle will be at:
/assets/index.android.bundle
In anycase, any client side code should be treat as unsafe, if you need security use your backend to handle it.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With