I have an app in iOS and Android which mostly run on webview and all the logic happens there. The problem is I don't want my html and javascript files on the server to be trackable and I want to protect their code. I wanted to ask if there's any way to protect these codes so that anyone with a server address can't access the html and javscript files on their browsers and only the app can access them to run.
Thanks
-
Similar to the needs of the SO Question: Securely Sending PHP Get Information from iOSzaph– zaph2015-05-19 05:28:06 +00:00Commented May 19, 2015 at 5:28
Add a comment
|
2 Answers
Your javascript and html stuff could be loaded as encrypted data to the local storage afterwards decrypted and injected into the WebView locally. The loading javascript client from the local resource doesn't prevent to communicate with the remove service even then the original domain was local.
4 Comments
m0j1
Thanks very much, but can this data be accessed on the user's device afterwards? I mean is it downloaded like normal html and js file? I was thinking about this way but the only thing I knew was to download them as simple zip file
Denis Voloshin
If I understand your design correcly, the client logic might be downloaded usingn any secure method (as a simple encrepted zip) for example.You can do that once or apply some update policy. Then the native app code is responsible to decode it and load into the WebView as if it came from the server.
m0j1
Thanks, do you know any good enryption technique to achieve this and also be able to decode it on android?
Denis Voloshin
you can consider this stuff where the AES method is described pretty good stackoverflow.com/questions/15554296/…
In short: No!
You are asking: Is there a way that my clients will process the html/javascript code from my backend but will not be able to see it?
You can make it harder for people to actually read your code by obfuscate it, or by encrypting it, but in the end your clients need to process it, so there will always be a way to see it.
The only true way to hide your code is to manage the logic in your backend. Javascript and HTML cannot do that. You can use PHP or java server side or C# web to achieve this.
