Ask away

protect contents of android app in NEST IDE

Brian 01/10/17 10:08


Question CategoryConfiguration,Component,Properties

Number of completed projects0

Question StatusUnsolved

  • Android
  • NEST
  • JS obfuscators
  • reverse


I'm developing the NEST app for Android (so it's all HTML/CSS/Javascript code). This app is going to feature contents that I don't want them to be freely distributed on the internet, mostly audios, videos and some XML files. Although those contents will be loaded from a server and other content providers, a user could unzip the APK and look into the www folder, analyze the source code (mostly jQuery and jQuery Mobile stuff) and find the direct paths to all those contents. Then, easily download them. Those paths might be inside the javascript code or inside XML files. Is there any way to prevent this? I know of JS obfuscators, but I believe that they're pretty easy to reverse.


Eddy 01/13/17 11:49

I think you've pretty much answered your own question. Obfuscation is the only way to "protect" the Javascript code, and there really is no way to protect the content. You try encryption, but the Javascript code to un-encrypt it will be exposed, so that solution practically useless. Perhaps one option is to encrypt content on the server with a key provided by the user, then download it on the app's first run. This has obvious drawbacks as well: Some kind of separate user registration or account is required, entering a password every time the app starts is inconvenient, dealing with lost passwords, et cetera. There are lots of obfuscation libraries for Javascript, just Google for them.

Joseph 01/16/17 23:19

"Resources are world-readable by design. Even if you were to not package the ""images or soundFX files"" as resources but were to download them on first run, users with root access could still get to the files. Since this is not significantly different than any other popular operating system humanity has developed, it is unclear why you think this is an Android problem. Sufficiently interested users can get at your ""images or soundFX files"" on iOS, Windows, OS X, Linux, and so on."

Joyce V 01/17/17 13:28

I guess for this you need secure services. Instead of hard coding the path of asset (audio ,video etc) in javascript, call the service to get path for the same.

Maria 01/17/17 17:32

if services are secure, user will need to send some type of session id or so. so only authorized user can download the content. I see only this possibility.