Your Web News in One Place

An Interest In:

Web News this Week

Search Archive

Some of Our Sources

View All Sources

Help Webnuz

Referal links:

Sign up for GreenGeeks web hosting
April 19, 2024 05:18 am GMT

Securing Apps In React Native

a) JailMonkey (Ref.)

JailMonkey is a React Native library designed to detect potential security threats on a users device. It includes several checks to determine if a device is jailbroken (iOS) or rooted (Android). Lets delve into some key security checks provided by JailMonkey

Some apps need to protect themselves in order to protect data integrity. JailMonkey allows you to:

  • Identify if a phone has been jail-broken or rooted for iOS/Android.
  • Detect mocked locations for phones set in "developer mode".
  • (ANDROID ONLY) Detect if the application is running on external storage such as an SD card.

Installation:

yarn add jail-monkeyornpm install jail-monkey

Usage:

Then inside App.js add,

import JailMonkey from 'jail-monkey';import RNExitApp from 'react-native-exit-app';  const checkJailMonkey = useCallback(() => {    const isJailBroken = JailMonkey.isOnExternalStorage() || JailMonkey.isJailBroken();    if (isJailBroken && !__DEV__) {      Alert.alert(        textString.securityWarning,        textString.jailBrokenWarning,        [{ text: 'OK', onPress: () => RNExitApp.exitApp() }],        { cancelable: false }      );    }  }, []);  useEffect(() => {checkJailMonkey()  }, []);

b) React Native Code Obfuscation

Introduction

Code obfuscation is a technique used to make code difficult to understand and analyze. In React Native, code obfuscation can be used to protect intellectual property, prevent reverse engineering, and improve the security of your application.

We will separately obfuscate javascript, native android and ios.

1. For React Native Javascript part: (Ref.)

Obfuscate React Native Code using Metro Plugin

a) Install:

npm i -D obfuscator-io-metro-pluginoryarn add -D obfuscator-io-metro-plugin

b) Once the plugin is installed, you will need to add it to your Metro configuration file. You can do this by adding the following code to your metro.config.js file:

const jsoMetroPlugin = require("obfuscator-io-metro-plugin")(  {    // for these option look javascript-obfuscator library options from  above url    compact: false,    sourceMap: false, // source Map generated after obfuscation is not useful right now so use default value i.e. false    controlFlowFlattening: true,    controlFlowFlatteningThreshold: 1,    numbersToExpressions: true,    simplify: true,    stringArrayShuffle: true,    splitStrings: true,    stringArrayThreshold: 1,  },  {    runInDev: false /* optional */,    logObfuscatedFiles: true /* optional generated files will be located at ./.jso */,  });module.exports = {  transformer: {    getTransformOptions: async () => ({      transform: {        experimentalImportSupport: false,        inlineRequires: false,      },    }),  },  ...jsoMetroPlugin,   /*add this line in your previous module after defined above*/};

2. For React Native Android part: Ref.

Note: We are using R8 here for code obfuscation.

In android/app/build.gradle, add:

def enableProguardInReleaseBuilds = true...    buildTypes {        debug {        }        release {debuggable false // Disable debugging for release buildsshrinkResources enableProguardInReleaseBuilds // Enable resource shrinking in release builds if ProGuard is enabledminifyEnabled enableProguardInReleaseBuilds // Enable code minification and obfuscation in release builds if ProGuard is enabledproguardFiles getDefaultProguardFile("proguard-android-optimize.txt"), "proguard-rules.pro" // Use default ProGuard optimization rules along with custom rules defined in "proguard-rules.pro"

Then in android/app/proguard-rules.pro at last add/keep as per your project requirement(Keeping all classes and members in):

-keep class io.invertase.firebase.** { *; }-dontwarn io.invertase.firebase.**-keep class com.awrostamani.BuildConfig { *; }-keep class com.swmansion.reanimated.** { *; }-keep class com.facebook.react.turbomodule.** { *; }-keep public class com.horcrux.svg.** {*;}

Note: If app still crashes after proguard enabling then check in crashlytics which library is doing so and add that also in proguard-rules.pro

Make a release build and check using any online tool like Link to check if the actual code is hidden/converted to random strings.

3. For React Native iOS part: (Ref.)

There is no built-in library in the iOS project that will obfuscate your code, therefore an external package has to be used.


Original Link: https://dev.to/ajmal_hasan/react-native-code-obfuscation-4d04

Share this article:    Share on Facebook
View Full Article

Dev To

An online community for sharing and discovering great ideas, having debates, and making friends

More About this Source Visit Dev To