I change my .apk file to .zip and open it on WinRAR. The problem is assets folder is showing so my JS and HTML files are shown. I am using Cordova to develop my app.
How can I hide the assets from the .apk?
If you wouldn't have the assets on the .apk, how could they be in the device when you install the app? Of course those need to be available and as it says already on the security guide of Cordova:
Do not assume that your source code is secure
Since a Cordova application is built from HTML and JavaScript assets that get packaged in a native container, you should not consider your code to be secure. It is possible to reverse engineer a Cordova application.
After installing the app on the device, you are of course allowed to download the assets from online and even store them for offline usage with something like File plugin, but that is completely different case and maybe not even what you wish to do.
Cordova - How to hide asset folder in .apk
1)Encrypted all Cordova assets files.
2)Decrypt the files and move to the internal storage during runtime.
3)Access your assets files from internal storage( this.getFilesDir().getAbsolutePath()).
Following these things will keep your file and method calling safe as they are accessible only
to internal storage.
Replace launchUrl "android_asset" to "data/data/io.cordova.hellocordova/files/"
Example: modify the dev source.
1) "file:///android_asset/www/index.html"; to Replace
"file:///data/data/io.cordova.hellocordova/files/www/index.html";
2) "file:///android_asset/www/index.html"; to Replace
"file:///data/data/io.cordova.hellocordova/files/www/index.html";
Related
I am building an android application which has combined functionalities of Native(Android-Kotlin) and React-Native.
We have a requirement to update index.android.bundle file at runtime after the user installed an application. How can I achieve this requirement?
I am having the following queries on the same.
Can I place index.android.bundle file outside of assets folder in android?
Where can I place Fonts and Drawable assets which are used by react-native functionality?
Requirement is:
After the user installing an application. If we have any updates in react-native functionality without re-publishing an application in play-store, we have to download and update the index.android.bundle file in the assets folder.
As per Android restrictions, we cannot add or change any file in assets folder at run-time/dynamically.
I have created an app using Cordova, After doing release signed apk,
When I unzip the apk, It is showing all assets like index.html and my custom JS.
Is there any way to restrict it?
An APK file is basically a ZIP file and all the assets are visible to everybody. Therefore if you use techniques like hybrid apps (Cordova) all your JavaScript code is directly accessible.
There is only one way to "prevent" (or to be realistic it is more "complicate access") access to the resources:
Buy an APK protection tool that includes resource encryption (e.g. DexProtector or something similar).
See also
How to avoid reverse engineering of an APK file?
I've been having some issues playing radio streams with MediaPlayer in a particular case. But that's not the point, the point is that I found an app that does exactly what I can't do, and I'm suspecting that is because It's using the Cordova / Phongap media plugin. My question is, given an apk there's anyway to know if the apk was build with Phonegap / Cordova or if was made with plain native Android code?
You download the apk (there are online tools to do that)
You unzip the apk (an apk is just a zip with a specific content)
In the extracted folder search for the assets\www\ folder.
If it's a cordova or phonegap app, you should see a file cordova.js in that folder.
(Yes, it's that easy to get all the sources of a cordova app :( )
I made an Android activity and deploy it to my device using eclipse. Now i would like to add a INI configuration file to it.
What would be the right place to install this file on the device ?
I want want this configuration file to be modifyable without having to open the project using eclipse so that someone without programming knowledge or developping tools could still be able to modify this config file.
Thank you :)
What would be the right place to install this file on the device ?
External storage. It is the only place the user has access to.
You might package a template or starter version of your configuration file inside your app, such as in assets/, then copy that file to external storage on first run of your app (or if the user accidentally deletes or corrupts the copy on external storage).
I am using sqlite database in my application,i want to copy this sqlitedatabase file when creating apk file and paste on mobile during the installation of the application.Is there any packaging options to do this ?
Thanks in advance
Ragu, there is a broadcast that occurs when installing apps from the market place but since you are installing your app, the event obviously doesn't get received by your app.
Copy the database file to your assets folder and on the first invocation of the application, you might be able to copy the file from your asset folder into internal storage.