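I am using IBM Worklight version 4.0, and I am currently developing a simple insurance application; everything is working well. After the Android installer is built, I can extract the HTML5 and JavaScript sources from the .APK (Android installation file). I feel this is insecure against hackers and could be misused by someone.
Can someone tell me how to protect the code in the installation/deployment?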
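Answer 0 (score: 0)
The answer is to obfuscate the code before creating the APK. For more information on obfuscation, visit the wiki.
My previous stackoverflow post explains how to do this for Android: How to avoid reverse engineering of an APK file?
For JavaScript obfuscation, see this stackoverflow question: How can I obfuscate (protect) JavaScript?
Another thing is that HTML cannot be obfuscated; you can see the HTML source and the related CSS by pressing F12.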
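Answer 1 (score: 0)
Worklight 4.0 still in use in 2013? :)
Android Proguard cannot be used with Worklight-based Android apps in Worklight v4 through v6.2 (the current version).
The only way to add some level of obfuscation to an Android app in Worklight is to use the Google Closure compiler. You can do this by following the steps in this blog post by Anton Aleksandrov: Obfuscating JavaScript code in Worklight applications.
Note: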
Wikipedia defines code obfuscation in the following way:
In software development, obfuscation is the deliberate act of creating obfuscated code, i.e. source or machine code that is difficult for humans to understand. Programmers may deliberately obfuscate code to conceal its purpose (security through obscurity) or its logic, in order to prevent tampering, deter reverse engineering, or as a puzzle or recreational challenge for someone reading the source code. Programs known as obfuscators transform readable code into obfuscated code using various techniques.
Two important things to be noted from the above definition are
- The purpose of code obfuscation is to conceal its purpose, prevent tampering, deter reverse engineering or puzzle someone reading the code.
- Obfuscated code is difficult for humans to understand.
So basically obfuscating your code means converting it to a format that is difficult for humans to read. Not impossible. Just difficult.
Therefore - it is very important to understand that code obfuscation, especially in JavaScript, is a relatively weak security measure. Most modern web debugging tools are smart enough to "prettify" the obfuscated code reverting it to a much more readable (however still not original) format.
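A release check for the obfuscation step discussed in the answers above, as an added example that is not part of the original posts or of Worklight: it lists JavaScript files inside an APK that still look unobfuscated. The `assets/www/` prefix, the heuristic thresholds and the sample APK are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed heuristic (not from the page): compiled/minified JavaScript has
# almost no indented lines and is either a single line or has very long lines.
MIN_AVG_LINE_LEN = 200
MAX_INDENTED_RATIO = 0.05


def looks_minified(source: str) -> bool:
    """Return True when the text has the shape of minified/compiled output."""
    lines = [ln for ln in source.splitlines() if ln.strip()]
    if not lines:
        return True  # an empty file exposes nothing
    avg_len = sum(len(ln) for ln in lines) / len(lines)
    indented = sum(1 for ln in lines if ln[0] in " \t") / len(lines)
    long_lines = len(lines) == 1 or avg_len >= MIN_AVG_LINE_LEN
    return long_lines and indented <= MAX_INDENTED_RATIO


def unminified_js_in_apk(apk, prefix="assets/www/"):
    """Return sorted names of .js entries under prefix that still look readable.

    An APK is a zip archive; prefix is the assumed location of the web assets.
    """
    flagged = []
    with zipfile.ZipFile(apk) as zf:
        for info in zf.infolist():
            name = info.filename
            if name.startswith(prefix) and name.endswith(".js"):
                text = zf.read(info).decode("utf-8", errors="replace")
                if not looks_minified(text):
                    flagged.append(name)
    return sorted(flagged)


def build_sample_apk() -> io.BytesIO:
    """Constructed sample: a zip holding one readable and one compiled script."""
    readable = "function quote(age) {\n    var base = 100;\n    return base + age * 2;\n}\n"
    compiled = "function a(b){return 100+2*b}" + ";a(1)" * 60
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("assets/www/default/js/app.js", readable)
        zf.writestr("assets/www/default/js/lib.min.js", compiled)
        zf.writestr("assets/www/default/index.html", "<html></html>")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name in unminified_js_in_apk(build_sample_apk()):
        print("not obfuscated:", name)
```

A pass from this check only means the files were compiled; as the note above says, the result is still recoverable to a readable form.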