Make a Secure PhoneGap/Cordova App (Android) - javascript

I am developing a new app for android. I tested PhoneGap the last days and I think it is a very good platform to develop an app.
I started developing and now I have some security concerns.
Online
All the JavaScript gets hosted on my server and the app needs them to start.
Offline
I have my JavaScript in the app and it just validates some files before startup.
I want that my app is working online and offline.
Problem
If the files are offline every user (with root) can edit the code. The user can remove for example the In-App Purchase and the file validation for the offline mode.
I searched through the internet and I need so say that I didn't found a good answer how to secure my app.
I hope here is somebody who can give me tips or ideas to make my app working online and offline with beeing secure. Thanks!

Probably there is no bulletproof solution to make hybrid apps secure, however you could obfuscate your code using tools like https://github.com/mishoo/UglifyJS. Although not safe from reverse engineering, uglification willl make more difficulty to modify the code.

Related

Why my project doesn't find some images when downloading it as a progressive web app in a mobile phone?

I'm working on a test project to start learning about service workers and progressive web apps.
This project is hosted on github in https://github.com/Pablo-No/Privado1, however, when I download it as a progressive web app in a mobile phone some images aren't loaded correctly and alt text is shown instead, I don't know how to fix it, probably because I don't know how service workers and progresive web apps work, and that's why I'm working on this project.
In my computer it works perfectly, even when the app is downloaded without connection to internet (thanks to the service worker, I think). I've seen some similar issues, but I think they're different, however I may not be correct and I'm sorry if this issue has been answered yet.
I've used Chrome and Chrome mobile with the desktop and the mobile phone (the mobile phone uses android).
Actually I've made it works properly by using code in https://codelabs.developers.google.com/codelabs/your-first-pwapp . I hope this question and answer helps other people if they have the same issue.

How to store webpages automatically for viewing offline as fallback?

I'm currently doing a project for showing a slideshow (build in HTML, CSS and JavaScript) on a television, using a Raspberry Pi. Now I would like the slideshow to be displayed even when the Raspberry is not connected to the internet. Does anyone have a solution or idea how I could solve this?
If I am understanding your question correctly...
What you will need to look into is service workers!
Important note: They only work on trusted websites: Sites with https or on localhost (for testing purposes)
Here is a tutorial on offline support with service workers: https://css-tricks.com/serviceworker-for-offline/ But there are other great tutorials out there too!

What do I need to make a small app running offline with a html/css ui?

Noob question here:
I wanna build a small app that's supposed to run offline on a desktop computer. It does not have much data to save, so i can either use a file or some form of a db, but here lies my question:
What language/tech can I use for handling and saving the data, that does not have to be connected to the internet?
I'm thankful for any tips!
Try out the electron: https://electronjs.org/
You can create cross platform desktop apps with JavaScript, HTML, and CSS with electron.

Node.js app into an iOS app?

I have a Node.Js app running on a publicly accessible server.
I want to make it possible for users to access it as a native iOS app.
Is there a simple way of simply making an iOS app and having it show my Node.Js app running from the server? Or it's more complicated than that?
I looked into PhoneGap but maybe some other recommendations also?
Thanks!
PS I know the question is broad but that's why I'm asking – to focus my question and to know what to do next.
Node.js - this is a server side application. So you need to build client application which can communicate with your node.js server by Rest api or so...
As you mentioned you can build hybrid html5/js app with PhoneGap, Cordova, Ionic "wrappers/libraries" which will pack it into native iOS/Android/... application and that app can talk to your node.js server and transfer data you need.
Also, as Daniel Larsson mentioned for some specific pages you can use webview to display page straight from the web, but webview can be a part of your application but not an entire application, because Apple will reject it during review process.
If you want to port your existing web-app over to being a native app on the app store, I can positively recommend PhoneGap having developed multiple apps with it after completing the same research you are doing now.
As NYS said, you'll need to package all your web-app design (HTML/CSS+images/JS) inside the PhoneGap app, any other way simply wouldn't be responsive enough.
As for what to do next, I would dive straight into creating a PhoneGap application and see how your app runs inside the Cordova wrapper out of the box. The issues I faced were with scrolling on divs holding content, and non-responsive click events, both were easily solved with javascript libraries.
Cheers Chris!
You may use Socket.io for native option.
http://socket.io/blog/socket-io-on-ios/
https://github.com/socketio/socket.io-client-swift/
https://github.com/pkyeck/socket.IO-objc/
https://github.com/square/SocketRocket/

CRITICAL issue with iOS, CocoonJS and Facebook

I've just published in the Apple's Appstore a CocoonJS powered Javascript game that integrates some Facebook functions. After creating my app to Facebook, I spent weeks testing it in the CocoonJS Launcher, and I found the following:
In iOS, the user should grant permissions to apps that tries to access Facebook through the phone's Settings -> Facebook, where a list of apps appear.
I did so with the CocoonJS Launcher and then Facebook started working as expected. However, the final app (generated through the Cloud Compiler) has just been published in the store and, after trying to access Facebook from within the app, the app says that the user should grant permission from Facebook's settings (as I did with the Launcher), but it doesn't appear at the phone's Settings -> Facebook (that is, the list of apps that use Facebook and where it appeared the Launcher).
I've created my app in Facebook, retrieved its ID number, put it in the CocoonJS Cloud Compiler (both for Apple and Android) and, of course, called the "init" function inside the game with the corresponding Facebook app code... Even though it worked with the Launcher, it doesn't work with the app, and now my app is alive and no Facebook integration can be done (which is a real mess, because almost every game function uses it now)...
How could I solve it? What can be happening? Might it have something to do with the Cloud Compiler, or maybe it's related to the JS code?
Thanks in advance for your time and effort! :)
As states in help center, do some testing first with a custom launcher:
http://support.ludei.com/hc/en-us/articles/200767268-Custom-Launcher
The CocoonJS launcher you download from the store has the configuration string of Ludei:
http://support.ludei.com/hc/en-us/articles/200924496-Social
The problem may not have been in the submission, but in the development of the application.
In case you feel it's a bug, please fill a bug report with the following template in their help center.
The template guide:
http://support.ludei.com/hc/en-us/articles/203459717-How-to-report-a-CocoonJS-bug
The forum to post the issue (troubleshooting section):
http://support.ludei.com/hc/communities/public/topics/200011348-Problems-Troubleshooting

Categories