Home/ Questions/Q 7936161
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-03T22:07:47+00:00

I’m a beginner in creating mobile apps with phonegap. I have some doubts on

  • 0

I’m a beginner in creating mobile apps with phonegap. I have some doubts on security aspects, when creating a mobile app with phonegap.

  1. I want to create an app that accesses a Web service, e.g. a REST service created using Jersey. Now, am I correct in thinking that a hacker can easily see the security keys/authentication mechanism used, to authenticate the client (on a mobile app) with the server (where REST API is to be used)?

  2. In general, can a hacker easily access all data being sent by the mobile app (which was created using phonegap)?

  3. Can a hacker disassemble a phonegap app to obtain original code? Wont he get the native code (e.g. Objective C in case of ios)? Or can he decompile even that into original phonegap code (ie html+js)? How do I prevent my code from being decompiled? Is this scenario the same as for most other languages i.e. hackers with powerful PCs can hack into just about any program/software? Is there some way to prevent this from happening?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Allright, first take a deep breath. You are probably not going to like some of my answers but you’ll be living with the same issues that we all are.

    1. The best thing to do in this case is to use something like the KeyChain plugin to retrieve your security keys from the native side.

    2. You can take PhoneGap out of the question because it applies to any situation where you send unencrypted data between a client and server. Anyone can easily listen in using a number of tools including Wireshark or Ethereal. If you need to communicate with a sever it should be done on an encrypted, HTTPS or SSL, connection.

    3. First I think you are under the mistaken impression that PhoneGap compiles your HTML/JS code into Obj-C. It does not. If the user uncompresses your app they will be able to read your HTML/JS. Also, they’ll be able to decompile your Obj-C code as well. This does not take a powerful PC or even an experienced hacker. Pretty much anyone can do it.

    My advice to you is not to worry about it. Put your time into creating a truly great app. The people who will pay for it will pay for it. The folks who decompile it would never buy the app no matter what. The more time you take trying to combat the hackers takes away from the time you could use to make your app greater. Also, most anti-hacking measures just make life harder for your actual users so in fact they are counter productive.

    • 0