Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Amishi_S_
Beginner
192 Views

Encrypt files in Intel XDK

Hi,

I downloaded an application from play store that is created using Intel XDK and then converted its .apk file into a .zip file. Extracting the zip file gave me all the source code of that application. How do i prevent my application code from being public? Is there a way to encrypt the files?

Tags (2)
0 Kudos
11 Replies
Swati_S_Intel1
Employee
192 Views

Some developers have used this plugin to encrypt the code, you can try that : https://github.com/tkyaji/cordova-plugin-crypt-file. Or you can obfuscate your javascript code using other third-party tools like UglifyJS or minify using MinJS. 

Amishi_S_
Beginner
192 Views

Hi,

I have installed the plugin in Plugins Manager on Projects tab. I even got the message Plugin successfully added. After adding the plugin i again built the apk file. Then renamed that apk file to zip to check, but the files were as it is, all code was visible.

In order to perform encryption on the files do i have to add any code in html files? Please help.

PaulF_IntelCorp
Employee
192 Views

Unfortunately, that plugin will not work with our build system because it relies on a "hooks" script. Those scripts are currently blocked by our build system for security reasons. We are working on a build system that would isolate the risk of these issues so we can enable them, until that time, you only option (if you want to use that plugin) is to build your app locally using CLI.

Amishi_S_
Beginner
192 Views

Hi,

Ok so this means that i cannot use Intel XDK to create encrypted apps?? Also i read that apps created through Cordova CLI can be built in the Intel XDK but again it was mentioned that the plugins that run hooks scripts cannot be used with the app.

What should i do then? Drop the idea of using Intel XDK to create my first app or is there any other solution?

 

PaulF_IntelCorp
Employee
192 Views

If you wish that plugin to encrypt your app you will have to use Cordova CLI directly. Other options have already been mentioned, using something to "uglify" or "obfuscate" your code.

Amishi_S_
Beginner
192 Views

Hi,

I have read all the documentation regarding the file encryption through obfuscating the javascripts but these are also hackable. So i want to use the Cordova file encrypt plugin only. But since this is not supported in Intel XDK hence i have decided to create the app using intel xdk and then during final release we would compile the www folder of intel xdk using cordova CLI and create the APK file.
So please inform that for doing this what are the changes we have to make in www folder of Intel XDK app so that it compiles and runs correctly after compiling with Cordova? Please help.

 

PaulF_IntelCorp
Employee
192 Views

Your app is very compatible with Cordova CLI. The main thing you need to do is create a config.xml for Cordova CLI and add the platforms and re-add the plugins. You do not need to change anything in your www directory. Here's the basic set of steps for converting your project to a CLI project:

  • install native dev tools (e.g. Android Studio, Xcode, Visual Studio)
  • install Cordova CLI (recommend CLI 6.x)
  • create a new Cordova project using CLI
  • cordova platform add the platforms you want to build for (depends on your dev system)
  • cordova plugin add the plugins you are using with your app
  • review the XDK build settings and intelxdk.config.additions.xml file and translate into config.xml entries in your new project

That last step may initially feel confusing, but there is a lot of similarity between the contents of the various intelxdk.config.*.xml files and the Cordova CLI config.xml file. Ours are modeled after theirs and, in many cases, are the identical set of directives.

Another alternative is to use PhoneGap Build. Note that PhoneGap CLI is a thin layer on top of Cordova CLI, so you'd have to do something similar to convert to PhoneGap if you want to use their tools.

Once you have your new Cordova CLI app in place, you can "import" it using the XDK, and then work with it within the XDK. Make a copy of your project before you do this just in case you have some issues, the XDK import facility is not that smart.

SithLord
New Contributor I
192 Views

Amishi S. wrote:

Hi,

I have read all the documentation regarding the file encryption through obfuscating the javascripts but these are also hackable. So i want to use the Cordova file encrypt plugin only. But since this is not supported in Intel XDK hence i have decided to create the app using intel xdk and then during final release we would compile the www folder of intel xdk using cordova CLI and create the APK file.
So please inform that for doing this what are the changes we have to make in www folder of Intel XDK app so that it compiles and runs correctly after compiling with Cordova? Please help.

 

 

As far as i'm aware the best you can hope for is obfuscation even with object code.  It's physically impossible to prevent someone from examining logic contained in code that executes.

Read the docs on that plugin and make sure you understands what it does and  does not do so you don't get a false sense of security.

Michael_O_2
New Contributor I
192 Views

Another way of obfuscating your code is by uglifying your code and probably saving the decryption mechanism on a server.

That way the app will only work when the device is online.

On the server side you should also create some filters in order to prevent an intrusion.

tarini_t_
Beginner
192 Views

Hi,

Is there any way to protect data of data driven applications in Intel XDK?

I have gone through the given below link to establish database connection in Intel XDK:
http://qnimate.com/create-a-intel-xdk-app-with-php-and-mysql-backend/

As per this link the javascript code that we insert in the application files, there we pass url of the database connection file stored on server. 
var xhr = new XMLHttpRequest();
xhr.open("GET", "http://domain?get_rows=json", false);
Is there any way to hide this url?

For security we would obfuscate the javascript file but what if someone decodes the file and use this url? Also is there any other way to make sure that the database connection file could be included only by our app?

PaulF_IntelCorp
Employee
192 Views

The whole question of how to secure your app is a very difficult one to answer simply. It would be best to explore the Cordova and PhoneGap solutions that people have come up with (on StackOverflow, for example). The XDK creates a Cordova app, so the solutions that will work for Cordova or PhoneGap will work with the XDK, because the XDK is creating a Cordova app (and PhoneGap is also creating a Cordova app).

Note, there are a few plugins that do not work with the XDK, due to our lack of support for gradle scripts in plugins. That is an issue we are working to resolve, but be aware that most plugins that include custom gradle scripts will not work with out current build system.

Reply