Facebook API Question posted in
The official documentation for the Facebook APIs can be found here.

Phonegap App Security – API keys and code – Facebook api

I am building Android apps using Phonegap. The apps use rest APIs. But I have serious questions regarding the security of the API keys. I have been looking for answers everywhere, but the issue hasn’t been answered well. As you know, an android apk can be extracted and the Phonegap folder can be reverse engineered. I have these questions/possible solutions regarding the problem :

  1. Is there a way (maybe plugin) to password protect the “www” folder? So that when someone extracts an apk, there must be a password that is protecting the phonegap files. I extracted many apks and saw this implemented on many Phonegap based apps.
  2. Is there a way to save the API keys in config.xml and read it using JS?
  3. Is there a way to securely authenticate a phonegap app without using login authentications like facebook, google, linkedin or twitter? This is in the case of simple apps that do not require login, but still use those APIs

I have used the Javascript obfuscation. But need a more robust option.
Can anyone help out?

Tags:

2

Answers


  1. 0

    The best way to accomplish this is (if you don’t have control over the API). To set up your own server side API That stores your credentials and then use that API to make a request to the other API, then your API can send back the response. Think off it like this.

    APP > YOUR API > API > YOUR API > APP

    Login or Signup to reply.
  2. 0

    I think

    https://github.com/tkyaji/cordova-plugin-crypt-file

    plugin might help you around. Still it will decrypt the stuff during run time.

    This thread also have a similar topic.

    How to encrypt the content assets folder in phonegap android application

    Hope this helps. 🙂

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search