An Android package cannot be completely secured from reverse-engineering. Instead, its is recommended that you use tools for code obfuscation and secure any propriety code on a server - have the app request data from a service. Please have a look at Android's Secure and Design guidelines
for more information. I would also recommend going through this SOF discussion
which focuses on securing your Android app code.
I would further recommend that you go through this post
as it outlines the main strategies for securing a hybrid Cordova-based app. You can also have a look at Cordova's Security Guide
. Generally, it isn't recommended to keep any sensitive data on the device. The LocalStorage
provides some level of data integrity but only as much as the specific platform (iOS, Android) is able to protect your app's data from being read by other apps. This is why it is recommended that you secure sensitive data either on the server using secure requests or using SQLite
to keep data but along with the SQLCipher
extension to encrypt the database files.
Let me know if that information helps.