Are hybrid apps safe?

Asked

Viewed 1,038 times

2

I’m starting to want to develop hybrid applications like Phonegap, Cordova or Intel-XDK. Hybrid applications run in a kind of browser. I wanted to know is possible to steal codes made in hybrid applications. Everyone knows anyone can see the source code of a website. So if I were to use database connections it would be invalid to use hybrid applications. (Since it is possible to steal information from the database or even delete data with this connection information).

I know that hybrid applications use Javascript as a programming language. Is it possible to steal this information after it is compiled? Some tool that inspects element maybe.

apache-cordova intel-xdk

  • One thing that can be done not to have access to bank access data or anything you want to protect would be you create a webservice and then your application would only consume this webservice leaving the whole business rule on your server away from snoopers.

  • But this means that it is possible to steal the code after it is compiled?

  • If you do it using a webservice there is no way to steal what is on your server but anyone with a little knowledge can Inspect your page and be able to take what is inside javascript quietly talking about web page but if you make an application to mobile using a phonegap or Ionic framework the code inside will be safe.

  • It’s an app made in phonegap or Ionic, it’s a hybrid app for mobile. Can’t you inspect elements in these apps? If I don’t, you’ve answered my question.

  • Ionic or phonegap creates an executable with its html code inside and that would be the same thing as a native language like a java of life and yes it protects your code, now if you play html on the web ai is worth all that I answered you so far.

2 answers

1

What can be done is a very quick google search:

How to protect javascript code.

I will not put response link from another site but google search will always bring expected results.

  • If hybrid apps already do this security for me there is no reason why I should search how to protect my Javascript. The Ideal answer would be the same one you put in the comment. Because the question is about hybrid apps and not how to protect Javascript. You could edit your answer to adapt the question, so I can put as resolved.

  • And even if you can’t read the compiled code, you have to see if the phonegap browser hides the information within the browser (phonegap apps run in a browser embedded in the code itself). Then you would have to see if it is valid to put information as a connection to the database there. (Maybe some other application that steals HTML) I still have doubts about the security of the phonegap. Soon I want to know why it is safe.

  • This type of question cannot be answered simply with a google search because I searched and found no site talking about the security of phonegap/Ordova and etc. If you find please post.

  • You misunderstood me, I didn’t put this link as if you hadn’t searched it was just to get an idea that there are ways to do this, is that if I put a link from a site that has the answer without putting the answer call my attention then I put this link only as a search source.

  • A yes, now I understand. It’s a way to protect the code if someone can access the source code right.

1


It depends on the platform you will develop..

*Android -> Generates APK, which are fragile, opening them with Winrar it will show all your code in the www folder.

*iOS -> A little safer, but there is a way to easily open files . ipa (I think this is the one), with Winrar.

*Windows Phone -> is the most complicated to achieve, when compiling in Visual Studio (in Phonegap it generates a .xap, whose is not universal and cannot easily publish in the store), if copying via Phonegap is a little insecure, if you create a project in Visual Studio, besides it being universal (for Windows and Windows Phone) it will be safe as soon as you send to the store and Microsoft put the certificates in the package, so it becomes very difficult to open the files of the same.

However it should have means to make the code safe, a very simple improvement is to encrypt the files using Windows itself.

  • Seriously, you can get the www for Winrar, if this is true, it’s a serious security breach. If this is true, how do we do this? Once compiled I thought I had no way to get the code. What I was thinking about was stealing the code from the Phonegap browser. I can’t believe Winrar can do this.

  • From what I understand, when compiling it generates an apk, xap, etc.. From there on PC just go in Explorer with the right click on open with Winrar, there will be a folder called www and there will have your entire app, on Windows Phone that is fixed when you publish the app in the Store, they block the file for opening.. On Android, any APK can be opened with Winrar.. Now, if you leave the app online without compiling it is more difficult for the 'smart guys' to try to see your code, but if by stealing data you mean login etc, then it is much more difficult for someone to steal data.

  • That is, it will only be easy if all the same app files are in apk file etc

  • I don’t know if Phonegap can access the WWW folder, but I opened the file. apk compiled by intel XDK and could not find this WWW folder. And it had some encrypted files.

  • Cool, I’m going to go see the Intel XDK so Phonegap can clearly see the kk files, besides practically forcing you to leave the app as open source.. Does Intel allow advertising? Only it doesn’t support Windows Phone right? But no problem, I use Visual Studio, it’s even better the app

  • It supports the phone Windowns. I made an app on phonegap Builder and actually has a WWW file there. But on the Intel XDK I could not find this folder and I do not know if it is possible to get it.

  • I downloaded the Intel XDK, really is very good, tonight I will pass my application to him and see how it looks, because in Phonegap he loses a lot the quality (so I was using Visual Studio for Windows and Windows Phone) In addition it has several emulators and extensions, thanks for talking about the Intel kk had already heard about, but I was not curious to look

  • Good, it builds for Windows too. I liked it a lot, I liked it even more after I found out that it is safer.

  • Mine is not wanting to create project, I create a new project or select to import my files it is loading infinitely :( Just because I found it very interesting

  • Create a topic and send the link to me.

Show 5 more comments

Browser other questions tagged apache-cordova intel-xdk

You are not signed in. Login or sign up in order to post.