-1

I have been working on ionic 3 mobile applications. I obfuscate typescript codes using ionic-voricles-obfuscate plugin (https://www.npmjs.com/package/ionic-voricles-obfuscate)

While reverse-engineering the APK using Apktool , Android library classes in Cordova plugins are not obfuscated. The Application security team asking to Obfuscate the Java / Android packages using Proguard in order to prevent the application from run time code manipulation, due to this my application is rejected by Appsec team.

I have referred lots of articles, all are very brief introduction about Proguard tool. I am confused whether I am approaching the right method for obfuscating my Ionic mobile application. I am new to Mobile application development and don't have hands of experience in code obfuscation.

Alex Filatov
  • 2,232
  • 3
  • 32
  • 39
King Cool
  • 1
  • 3
  • Please read [Under what circumstances may I add “urgent” or other similar phrases to my question, in order to obtain faster answers?](//meta.stackoverflow.com/q/326569) - the summary is that this is not an ideal way to address volunteers, and is probably counterproductive to obtaining answers. Please refrain from adding this to your questions. – halfer Feb 19 '20 at 23:08
  • use cordova-plugin-proguard https://alfilatov.com/posts/how-to-setup-proguard-in-cordova-application/ – Alex Filatov Nov 20 '20 at 02:57

1 Answers1

0

The answer on whether your approach is right will depend on many factors - e.g. what is the level of security you want to achieve, what are the constraints set forth by your Appsec team.

  • If you need stronger obfuscation and your appsec team is already familiar with Proguard, you can try DexGuard, which:

  • Proguard will provide less security, but it's free & open source. For the Proguard approach, you can check out this question and the manual on the developer's website.

Anton Baranenko
  • 564
  • 1
  • 4
  • 7