Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

Web and WebWorks Development

Reply
New Member
del_liero
Posts: 1
Registered: ‎12-27-2012
My Device: none

Source encription Q

Hi All!

I want to create app for Blackberry using HTML5, but i have concern about security.

Can anyone somehow decompile my app and still sources? All platform offers security for this case?

Please use plain text.
Developer
Innovatology
Posts: 1,280
Registered: ‎03-03-2011
My Device: Playbook, Z10, Q10, Z30 with Files & Folders and Orbit of course

Re: Source encription Q

Are you worried about others being able to steal your hard work? Or does your code contain real secrets?

 

Any JavaScript app is vulnerable to some extent. In fact, any app can be decompiled or disassembled. The question is: how difficult is it. There are generally three factors:

 

  1. Is your code protected while in motion (i.e. being downloaded to the device)? Personally, I haven't looked into this, but I would not be surprised if it was vulnerable to a man-in-the-middle attack.
  2. Is your code protected while at rest (i.e. installed on the device)? BB10 and the PlayBook OS make it difficult due to access permissions. Regular users and other devs don't have access to your code unless they manage to root the device or find a security flaw in the OS or web runtime. PlayBook OS 1.x was rooted, but AFAIK nobody has managed that with 2.x or BB10 yet. Of course RIM (and possibly some of their partners) have root access, but they would be able to inspect the .bar file you upload to App World anyway.
  3. Is your code obuscated? This replaces variable and function names with random characters to make it difficult to read even if somebody has access to your code. The disadvantage is that it can also make it more difficult to trace & debug runtime errors.

Of course you shouldn't ever rely on code for security. If you find you need to store secrets (passwords, encryption keys etc) in your code, then your architecture has design faults.

 

Files & Folders, the unified file & cloud manager for PlayBook and BB10 with SkyDrive, SugarSync, Box, Dropbox, Google Drive, Google Docs. Free 3-day trial! - Jon Webb - Innovatology - Utrecht, Netherlands
Please use plain text.