I have mobile app created using Framework7 Cordova app. My goal is to encrypt files in assets directory (JS and HTML files) so they are unreadable to people, who unzip the APK file and want to see the JS sources.
Ok, i know there is no absolute perfect solution. On my way to this question I’ve already tried options how to solve copy protection of my sources (JS minification, obfuscation, etc…), but I found out that it’s very simple to get to the original code (using JSBeautifier, firebug, including obfuscated scripts, etc…).
So my question is - is there some simple way how to encrypt JS+HTML files (so they are not readable and useful when simply unzipping APK file) and how to implement it in JAVA for Android platform ?
Note: I have no knowledge of JAVA language, so please include working example which I can use.
You can’t encrypt your js files as far is i know. The browser needs to read them to make the app work. if you don’t want to show your source js files, you can use an SSR solution.
In that way the user only gets the fully rendered html, and not the Js files. you can use a token to validate the user identity. So you can prevent to send the requested page if the token is invalid JWT. if you go with the JWT approach, just and advice, don’t store the token. E.g. local storage. Because it can be easy retrieved.