How to encrypt HTML+JS assets in Android Cordova mobile app?


#1

I have mobile app created using Framework7 Cordova app. My goal is to encrypt files in assets directory (JS and HTML files) so they are unreadable to people, who unzip the APK file and want to see the JS sources.

Ok, i know there is no absolute perfect solution. On my way to this question I’ve already tried options how to solve copy protection of my sources (JS minification, obfuscation, etc…), but I found out that it’s very simple to get to the original code (using JSBeautifier, firebug, including obfuscated scripts, etc…).

So my question is - is there some simple way how to encrypt JS+HTML files (so they are not readable and useful when simply unzipping APK file) and how to implement it in JAVA for Android platform ?

Note: I have no knowledge of JAVA language, so please include working example which I can use.


#2

You can’t encrypt your js files as far is i know. The browser needs to read them to make the app work. if you don’t want to show your source js files, you can use an SSR solution.
In that way the user only gets the fully rendered html, and not the Js files. you can use a token to validate the user identity. So you can prevent to send the requested page if the token is invalid JWT. if you go with the JWT approach, just and advice, don’t store the token. E.g. local storage. Because it can be easy retrieved.


#3

#4

do not waste your time
you simply can’t do it
i have seen more complex things been cracked in a few sec

if you got something to hide => put it on your server
if you are a paranoid (like me) => use VPN (on your server)


#5

I have use this plugin for encryption for my application which is developed in framework7 version 1.