- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi.
First to say Intel XDK is a great product; I can do anything and all options needed to make my apps accesible so, I have everything I need.
But today a question arose to my mind... Assuming reverse engineering is always possible... how difficult would be inspecting my code by anyone who gets my .apk?
I was sure there was a way for some obfuscation procedures to make the code difficult to see but today I've discovered that I can easily see all folders, all javaascript code, all HTML files, etc...
So the question is, is there a way to hide it, to make it more difficult to access?
Thank you.
Antonio
- Tags:
- HTML5
- Intel® XDK
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for your positive feedback! At this time I don't think there is any obfuscation built in to the XDK or the build service, but there are a number of obfuscators available that you could use in parallel with the XDK. You'd have to replace your javascript source files with obfuscated versions just before doing a build. I think that would work.
If you like I can mention it as a feature request in the future.
Dale
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Dale.
Thank you for the fast answer. I had already thought about such a possibility; using existing obfuscators and just copying the resulting code. But, to the best of my knowledge, they make inspecting the code a little bit more difficult to explore but.... with a little work, ALL important algorithms which can't be moved to a server for speed reasons will be available and inspected
I just thought XDK provides a better utility for protecting code.
Yes!, Of course I'd like you to mention it as a feature request in the future. Please, do it!
I'm sure making apps with XDK where the core process is on the server it's the best bet but, I'm afraid it's not my case.
In the meantime I will go on prototyping improvements on my related apps but, only running my app on my own smartdevice.
Thank you.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Dale - the generalized feature request for this, and many other items, is the ability to integrate support for some additional tools in the XDK lifecycle. In addition to obfuscation, such support would allow things like easy inclusion of Typescript or ES6 (via a transpiler) as well as automating SASS/LESS into CSS. Having it integrated into the XDK would make it easier for sourcemaps, etc, to get where they need to be for doing live debugging, etc.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks Barry, that's a good way to think of it and I expect would be valuable to lots of people. I'll pass the suggestion on and see what kind of traction I can get.
Dale
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, please put it on (top of) the list together with Barry's suggestion to support additional tools in the XDK.
We always minify all JS sources before making an release. Not because of prevent reverse engineering but for speed.
But after compiling a release we have to check the app again to see if everything is still working.
It's always a hassle and time-consuming.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
antonio.bejar@dimensiona-systems.com wrote:
how difficult would be inspecting my code by anyone who gets my .apk?
Very easy, just rename your .apk to .zip and open it and you will see you own magic!!!!

- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page