Nativescript: Question about apk's assets folder and source code in it

Hi,

This is actually a known issue with ALL of the JavaScript frameworks, ReactNative, Titanium, FuseJS, Ionic/Cordova/Phoegap. All of them you can extract the JS code out of them. . Now, I have some good news for you; There is an already released product (Disclosure: I'm the developer) call https://AppProtection.net that will encrypt the source.

@NathanaelA thanks for your kind response
is there any open source solution ? :smile:

Doesn't this happen with native Android apps also, unless you use proguard or some encryption utility? I think I've opened some native apps and seen the java source.

@bradmartin exactly its not that easy !

in native apk you have compiled classes and dex files ! and yes , with some tools , you can extract source code which with help of proguard , they are hard to read and use .

but extracting from nativescript apk is easy as copy and paste.

@hamidrezabstn - unless you use a commercial tool on the Java side it is trivial to extract the sources and pull any valuable data out, the source might be a little harder to read with proguard; but most the time not very much more, i personally have no issues with proguard'd apps.... ;-) DexGuard (commercial) does a much better job, but again it isn't perfect.

Now as to NativeScript encryption; Telerik is coming out with a open source plugin to encrypt the app soon ( not sure the release date yet ). I have already been able to evaluate it and it offers about as much protection as the cordova/phonegap/ionic encryption plugin does; which is to say if you hand me your app I can decrypt all the source code in under a minute. ;-) It will protect against a script kiddie; but any decent developer that has a couple hours to waste can figure out a couple ways to decrypt cordova or telerik's encryption system trivially...

So basically Telerik's is like a simple proguard, and mine is like dexguard. ;-)

Yea I know about NativeScript and all the other hybrids being in the open.
I've opened them myself plenty and a few native apps. Just not compiled any
native to know that process too well.

On Mon, Oct 24, 2016, 2:43 AM Hamidreza Bistooni [email protected]
wrote:

@bradmartin https://github.com/bradmartin exactly its not that easy !

in native apk you have compiled classes and dex files ! and yes , with
some tools , you can extract source code which with help of proguard , they
are hard to read and use .

but extracting from nativescript apk is easy _as copy and paste._

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/NativeScript/NativeScript/issues/2946#issuecomment-255669838,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AFulhFJ8HjRRAh83PDoxp4zkhvvrJeqXks5q3GG9gaJpZM4KeEnV
.

Hey @hamidrezabstn ,
We can actually enable UglifyJS plugin for Webpack. Will this work for you?

Hi @enchev

yes it should help ! could you explain it a bit more ?
or give me some reference for learning it !

@hamidrezabstn
Nice blog article about using webpack and uglify here

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.