2013-03-20 80 views
0

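IBM WorkLight Android source code security

I am using IBM WorkLight version 4.0, and I am currently developing a simple insurance application; everything is working well. After the Android build, I can extract the HTML5 and JavaScript source code from the .APK (the Android installation file). I feel it is not safe against hackers and could be misused by someone.

Can anyone please tell me how to protect the code in installation/deployment?

Answers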

0

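The answer to this is to obfuscate your code before creating the APK. For more information on obfuscation, visit the wiki.

My previous Stack Overflow post explains how to do this for Android: How to avoid reverse engineering of an APK file?

For JavaScript obfuscation, see this Stack Overflow question: How can I obfuscate (protect) JavaScript?

One more thing: HTML cannot be obfuscated; you can see the HTML source and the related CSS by pressing F12.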

+0

In my Android application, I am not able to secure it, since I put all of my HTML5 and JavaScript in my assets folder. Obfuscation and ProGuard only support Java code. – Joy 2013-03-20 05:31:45

+0

I have updated the code according to your request. – AurA 2013-03-20 06:46:18

0

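Worklight 4.0 is still in use in 2013? :)

Android ProGuard cannot be used for Worklight-based Android applications in Worklight v4 through v6.2 (the current version).

The only way to add some degree of obfuscation to an Android application in Worklight is to use the Google Closure Compiler. You can follow the steps in the following blog post by Anton Aleksandrov: Obfuscating JavaScript code in Worklight applications

Note:

Wikipedia defines code obfuscation in the following way: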
In software development, obfuscation is the deliberate act of creating obfuscated code, i.e. source or machine code that is difficult for humans to understand. Programmers may deliberately obfuscate code to conceal its purpose (security through obscurity) or its logic, in order to prevent tampering, deter reverse engineering, or as a puzzle or recreational challenge for someone reading the source code. Programs known as obfuscators transform readable code into obfuscated code using various techniques. 

Two important things to be noted from the above definition are 
- The purpose of code obfuscation is to conceal its purpose, prevent tampering, deter reverse engineering or puzzle someone reading the code. 
- Obfuscated code is difficult for humans to understand. 

So basically obfuscating your code means converting it to a format that is difficult for humans to read. Not impossible. Just difficult. 
Therefore - it is very important to understand that code obfuscation, especially in JavaScript, is a relatively weak security measure. Most modern web debugging tools are smart enough to "prettify" the obfuscated code reverting it to a much more readable (however still not original) format.
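
A pre-release check for the concern raised in this thread, as an added example that is not part of the original question or answers: it opens a built APK as the zip archive it is and reports which JavaScript files under `assets/` still look like readable source. The heuristic thresholds, the function names and the sample file paths are assumptions made for illustration, and the sample APK is constructed in memory.

```python
import io
import zipfile


def looks_readable(js_text):
    """Heuristic (assumed thresholds): hand-written source has short,
    indented or commented lines; minifier output has few, very long lines."""
    lines = [ln for ln in js_text.splitlines() if ln.strip()]
    if not lines:
        return False
    avg_len = sum(len(ln) for ln in lines) / len(lines)
    indented = sum(1 for ln in lines if ln[0] in " \t") / len(lines)
    has_comments = any(ln.lstrip().startswith(("//", "/*")) for ln in lines)
    return avg_len < 200 and (indented > 0.3 or has_comments)


def audit_apk(apk):
    """Return {path: 'readable' | 'minified'} for every .js file under assets/."""
    report = {}
    with zipfile.ZipFile(apk) as zf:
        for name in zf.namelist():
            if name.startswith("assets/") and name.endswith(".js"):
                text = zf.read(name).decode("utf-8", errors="replace")
                report[name] = "readable" if looks_readable(text) else "minified"
    return report


def build_sample_apk():
    """Constructed sample: an in-memory zip laid out like an APK."""
    readable_js = (
        "// premium calculation\n"
        "function premium(age, base) {\n"
        "    var factor = age > 60 ? 1.5 : 1.0;\n"
        "    return base * factor;\n"
        "}\n"
    )
    minified_js = "function a(b,c){return c*(b>60?1.5:1)}" * 10
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("assets/www/default/js/quote.js", readable_js)
        zf.writestr("assets/www/default/js/quote.min.js", minified_js)
        zf.writestr("classes.dex", b"dex\n035\x00")  # non-JS entry, ignored
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for path, verdict in audit_apk(build_sample_apk()).items():
        print(f"{verdict:9} {path}")
```

A "minified" verdict only means the file went through a minifier or obfuscator before packaging; as the last answer notes, that makes the code harder to read, not impossible.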