apk/ipa Security

Thread is closed for posting
2 posts, 0 answers
  1. krishna
    krishna avatar
    1 posts
    Member since:
    Jan 2016

    Posted 05 Feb 2016 Link to this post


    I am using app builder to create apk/ipa for my application. But it can be unzipped (change the extension to jar and unzip the file) . then anyone can see all the code resides in apk/ipa.

    is there any feature provided by app builder which restrict people to unzip the apk/ipa files.

  2. Tina Stancheva
    Tina Stancheva avatar
    3299 posts

    Posted 10 Feb 2016 Link to this post

    Hello Krishna,

    An Android package cannot be completely secured from reverse-engineering. Instead, its is recommended that you use tools for code obfuscation and secure any propriety code on a server - have the app request data from a service. Please have a look at Android's Secure and Design guidelines for more information. I would also recommend going through this SOF discussion which focuses on securing your Android app code. 

    I would further recommend that you go through this post as it outlines the main strategies for securing a hybrid Cordova-based app. You can also have a look at Cordova's Security Guide. Generally, it isn't recommended to keep any sensitive data on the device. The LocalStorage provides some level of data integrity but only as much as the specific platform (iOS, Android) is able to protect your app's data from being read by other apps. This is why it is recommended that you secure sensitive data either on the server using secure requests or using SQLite to keep data but along with the SQLCipher extension to encrypt the database files. 

    Let me know if that information helps.

    Tina Stancheva

    Visit the Telerik Verified Plugins Marketplace and get the custom Cordova plugin you need, already tweaked to work seamlessly with AppBuilder.

Back to Top