I an building a multiplatform app based on HTML5 and CSS3. For the building I use Phonegap. The build generates an APP for IOS and APK for Android. But when unzipping the generated ipa or apk file, I can browse through the www structure and see the content of all files. One of these files contains with js an AJAX request URL to one of my external servers. Is there a way to protect this URL from being so easily discovered?
Asked
Active
Viewed 749 times
1
-
maybe http://stackoverflow.com/questions/194397/how-can-i-obfuscate-javascript – zapl Apr 25 '12 at 16:57
-
To be honest almost everything can be decompiled and debugged in Android fairly easily by anyone that can follow instructions easily googled for. To make it a bit tougher you could store the URL on a cut-out server that only talks to your authorized app, but this starts getting painful pretty quickly so you might want to think about why that URL is critical (is the data unprotected on the server, and if so why) instead of just protecting the URL – Idistic Apr 25 '12 at 17:20
-
The URL is passing the device id to do the check on server side, but maybe I was just "shocked" in a way to see the complete www folder without any protection. Somebody tried out Proguard for Android or is this just obfuscating java code and it leaves the www folder untouched? – nicBBB Apr 25 '12 at 18:18
-
If the device is attached to a debugger or a network sniffer, all your ajax requests will be visible, so there is no point of hiding them. If you are really using private data that you don't want anyone to see, consider encrypting your data then decrypt it on server-side. – dlock Apr 26 '12 at 06:36
-
Obfuscating a URL may not be really useful: someone could snif all communications made by the app to detect for ex the API you're using with you server. – user276648 Apr 08 '14 at 09:50
1 Answers
2
You may want to write a plugin to store your URL on the native side and retrieve it when you need to do the AJAX request. Mind you that will only make it harder to figure out the URL not impossible. Once you start to go down this path you end up making life harder on yourself and your users.
Simon MacDonald
- 23,253
- 5
- 58
- 74