3 Replies Latest reply on Jun 16, 2016 12:56 PM by kerrishotts

    how to disable debugging in the release version of app

    vekenv79198338

      I uploaded an app to google play with debug disabled, first i was not able to see the content of the app in the inspector, however, once I download the apk and install on android emulator, I am able to see the full content of my released app. is there a way to hide everything?

        • 1. Re: how to disable debugging in the release version of app
          kerrishotts Adobe Community Professional

          I just want to be clear: do you mean that you can use chrome://inspect and still attach to your app that way?

           

          Also, how are you building your app? PhoneGap (or Cordova) CLI or PhoneGap Build?

           

          Finally, it might help to see your config.xml (sans identifying information).

          • 2. Re: how to disable debugging in the release version of app
            vekenv79198338 Level 1

            Yes, if i install my app from google play on the cellphone, and then i try to see the content with chrome.inspect, I cant. BUT if i download the apk from google play and install it on x86 emulator in android studio and then run it on the emulator with accessing the emulator from chrome.inspect then i can see my entire source code (www) file even though I had disabled debugging and i it final release. I usually build with android studio. i tested this with other phonegap apps shown of phonegap page and honestly I was able to see all of their source code (www). This huge security issue to be honest and I think people must be aware of it in case they are building something requires high level of security. I was considering writing native plugins in order to handle the sensitive server calls instead of exposing the entire code to the user. As a matter of fact, I was able to hide the content of my source code with CrossWalk cordova plugin, I dont know yet how does it work, or what architecture it uses, but I know that inspector could see my code anymore, not even the html. the drawback is that it add extra 26 mb to the project, I am now considering using Ace plugin in where you can introduce native classes into your project without the need to write custom plugins. however, I would really like to know if you can help me with this.

            • 3. Re: how to disable debugging in the release version of app
              kerrishotts Adobe Community Professional

              What's your AndroidManifest.xml file look like? It's possible the debug flag was still on there, even though you built a release version.

               

              While chrome://inspect shouldn't work on a release app (if it does, that's a bug!), and you've used CrossWalk to circument that issue, that's not going to help with security. See, your web content is available to anyone who can download the app. To prove it to yourself, unzip your app's APK, and you'll see all the "www" code.

               

              The moral is this: don't put anything in your app's code that you can't risk the world seeing. This applies not just to PhoneGap apps but to native apps as well (disassembly is a thing).