0

I am curious to know of available options, that a developer can use to secure sensitive information inside the mobile application. This is to prevent anyone from breaking the app and use keys for some nefarious purposes. Example of sensitive data includes passwords of APIs, which app can use seamlessly in the background to retrieve data.

Code obfuscation can help but cannot prevent from stealing the information;

Local storage options such as nativescript-couchbase or nativescript-secure-storage -if my understanding is correct- depends on feeding the information manually after installing the app. But the information needs to be available inside the app at the time of shipping.

OAuth is not an option as it requires the user to login in order to receive the tokens. JWT is neither an option, as the APIs are protected just using basic authentication.

I am using nativescript/angular2 but i would appreciate any generic simple yet effective ideas..

Grizzled Squirrel
  • 311
  • 3
  • 14

1 Answers1

0

I think you are looking for obfuscation here, securing the information within your source code. By default {N} has uglify plugin configured within webpack, it gives the basic obfuscation.

There is Jscrambler support which is paid.

Also, speaking of Sqlite, there is commercial version of the plugin that supports encryptions but I haven't tried it personally. You may feed your data into it and pack your db at build time then install the db on first launch.

Manoj
  • 21,753
  • 3
  • 20
  • 41