2

I have an app in iOS and Android which mostly run on webview and all the logic happens there. The problem is I don't want my html and javascript files on the server to be trackable and I want to protect their code. I wanted to ask if there's any way to protect these codes so that anyone with a server address can't access the html and javscript files on their browsers and only the app can access them to run.
Thanks

m0j1
  • 4,067
  • 8
  • 31
  • 54
  • Similar to the needs of the SO Question: [Securely Sending PHP Get Information from iOS](http://stackoverflow.com/q/30297392/451475) – zaph May 19 '15 at 05:28

2 Answers2

1

Your javascript and html stuff could be loaded as encrypted data to the local storage afterwards decrypted and injected into the WebView locally. The loading javascript client from the local resource doesn't prevent to communicate with the remove service even then the original domain was local.

Denis Voloshin
  • 768
  • 10
  • 32
  • Thanks very much, but can this data be accessed on the user's device afterwards? I mean is it downloaded like normal html and js file? I was thinking about this way but the only thing I knew was to download them as simple zip file – m0j1 May 20 '15 at 06:27
  • If I understand your design correcly, the client logic might be downloaded usingn any secure method (as a simple encrepted zip) for example.You can do that once or apply some update policy. Then the native app code is responsible to decode it and load into the WebView as if it came from the server. – Denis Voloshin May 20 '15 at 07:06
  • Thanks, do you know any good enryption technique to achieve this and also be able to decode it on android? – m0j1 May 20 '15 at 16:49
  • you can consider this stuff where the AES method is described pretty good http://stackoverflow.com/questions/15554296/simple-java-aes-encrypt-decrypt-example – Denis Voloshin May 20 '15 at 18:19
1

In short: No!

You are asking: Is there a way that my clients will process the html/javascript code from my backend but will not be able to see it?

You can make it harder for people to actually read your code by obfuscate it, or by encrypting it, but in the end your clients need to process it, so there will always be a way to see it.

The only true way to hide your code is to manage the logic in your backend. Javascript and HTML cannot do that. You can use PHP or java server side or C# web to achieve this.

Ilya Gazman
  • 31,250
  • 24
  • 137
  • 216