React Native Code Obfuscation


Introduction

Code obfuscation is a technique used to make code difficult to understand and analyze. In React Native, code obfuscation can be used to protect intellectual property, prevent reverse engineering, and improve the security of your application.

We will obfuscate the JavaScript, native Android and iOS parts separately.

1. For the React Native JavaScript part: (Ref.)

Obfuscate React Native Code using Metro Plugin

a) Install:

npm i -D obfuscator-io-metro-plugin
or
yarn add -D obfuscator-io-metro-plugin

b) Once the plugin is installed, you will need to add it to your Metro configuration file. You can do this by adding the following code to your metro.config.js file:

const jsoMetroPlugin = require("obfuscator-io-metro-plugin")(
  {
    // for these options, see the javascript-obfuscator library options at the URL referenced above
    compact: false,
    sourceMap: false, // the source map generated after obfuscation is not useful right now, so use the default value, i.e. false
    controlFlowFlattening: true,
    controlFlowFlatteningThreshold: 1,
    numbersToExpressions: true,
    simplify: true,
    stringArrayShuffle: true,
    splitStrings: true,
    stringArrayThreshold: 1,
  },
  {
    runInDev: false /* optional */,
    logObfuscatedFiles: true /* optional; generated files will be located at ./.jso */,
  }
);

module.exports = {
  transformer: {
    getTransformOptions: async () => ({
      transform: {
        experimentalImportSupport: false,
        inlineRequires: false,
      },
    }),
  },
  ...jsoMetroPlugin, /* add this line to your existing module.exports, after the plugin defined above */
};
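
To confirm that obfuscation was actually applied to a release bundle, you can scan the output for names and strings that should no longer be readable, and for a leftover source map reference. The Node.js check below is an added example, not code from the plugin or the original article; auditBundle, the sentinel list and both sample bundles are constructed for illustration.

```javascript
// Added example (not from the article or the plugin): audit a release bundle.
// auditBundle, the sentinels and both sample bundles are constructed.

function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Returns one finding per sentinel still readable in the bundle, plus one
// finding if the bundle references a source map.
function auditBundle(bundleText, sentinels) {
  const findings = [];
  for (const s of sentinels) {
    // Match on identifier boundaries so "apiKey" does not fire on "myapiKeys".
    const re = new RegExp("(^|[^A-Za-z0-9_$])" + escapeRegExp(s) + "(?![A-Za-z0-9_$])");
    if (re.test(bundleText)) findings.push({ type: "plaintext", value: s });
  }
  // A sourceMappingURL comment points at a map that undoes the renaming.
  const m = bundleText.match(/\/\/[#@]\s*sourceMappingURL=(\S+)/);
  if (m) findings.push({ type: "sourcemap", value: m[1] });
  return findings;
}

// Names and strings from your own source that must not survive obfuscation.
const sentinels = ["verifyLicense", "https://api.example.test/v1/license"];

// Constructed sample: what an unobfuscated bundle fragment might look like.
const plainBundle = [
  "function verifyLicense(key) {",
  '  return fetch("https://api.example.test/v1/license?k=" + key);',
  "}",
  "//# sourceMappingURL=index.android.bundle.map",
].join("\n");

// Constructed sample: hand-written to resemble renamed identifiers and
// split strings; it is not real output of the obfuscator.
const obfuscatedBundle = [
  "const _0x3f2a = ['https://ap', 'i.example.', 'test/v1/li', 'cense?k='];",
  "function _0x51c0(_0x1d) { return fetch(_0x3f2a[0] + _0x3f2a[1] + _0x3f2a[2] + _0x3f2a[3] + _0x1d); }",
].join("\n");

console.log(auditBundle(plainBundle, sentinels));      // three findings
console.log(auditBundle(obfuscatedBundle, sentinels)); // no findings
```

Run the same function over the release bundle text, or over the files the plugin writes to ./.jso when logObfuscatedFiles is enabled, and fail the build if it returns any findings.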

2. For the React Native Android part: (Ref.)

Note: We are using R8 here for code obfuscation.

In android/app/build.gradle, add:

def enableProguardInReleaseBuilds = true
.
.
.

buildTypes {
    debug { }
    release {
        debuggable false // Disable debugging for release builds

        shrinkResources enableProguardInReleaseBuilds // Enable resource shrinking in release builds if ProGuard is enabled

        minifyEnabled enableProguardInReleaseBuilds // Enable code minification and obfuscation in release builds if ProGuard is enabled

        proguardFiles getDefaultProguardFile("proguard-android-optimize.txt"), "proguard-rules.pro" // Use default ProGuard optimization rules along with custom rules defined in "proguard-rules.pro"
    }
}

Then, in android/app/proguard-rules.pro, add keep rules as your project requires:

Keep all classes and members in:

-keep class io.invertase.firebase.** { *; }
-dontwarn io.invertase.firebase.**

-keep class com.awrostamani.BuildConfig { *; }
-keep class com.swmansion.reanimated.** { *; }
-keep class com.facebook.react.turbomodule.** { *; }
-keep public class com.horcrux.svg.** {*;}
