: Disclosure This post focuses on , a JavaScript protection product to which the author is affiliated (as CTO). Jscrambler is a React-based open-source mobile application framework developed by Facebook. It is actually one of the most popular JavaScript frameworks for mobile development, as shown by the 2020 " " survey. React Native State of JavaScript By following this tutorial, you will be able to integrate Jscrambler seamlessly into React Native's build process and protect your app with the most potent and resilient techniques, , , and capabilities. obfuscation code locks self-defensive self-healing Pre-Requisites To properly integrate Jscrambler into the React Native build process, we only need to and . Let's cover both steps below. set up a React Native app configure Jscrambler Creating a React Native Application To create a mobile app using React Native, you have : using Expo or using the React Native CLI. Usually, Expo is more suited for developers with a Web Development background (it doesn't require Xcode or Android Studio), while using the React Native CLI is most advisable for those that come from a Native Development background (it requires Xcode or Android Studio). two main approaches To integrate Jscrambler into the React Native build process, we'll have to use the React Native CLI. However, if you're using Expo, you can also integrate Jscrambler by ejecting the project, as we'll explore further below. For the purposes of this tutorial, we will be cloning a simple Grocery List app: git clone https://github.com/jscrambler/Integration-Examples.git Now, let's transverse into the React Native app's directory and install the project's dependencies: cd Integration-Examples/ReactNative/Example-Apps/react-native0.64-grocery-list/ npm i The simplified base project structure of our application is as follows: React Native react-native0.64-grocery-list/ |-- app.json |-- babel.config.js |-- index.js |-- metro.config.js |-- package.json |-- __tests__/ |-- android/ | |-- app/ | | |-- build/ |-- App/ |-- ios/ |-- node_modules/ contains all the configurations which are related to npm such as dependencies, version, and scripts. package.json The directory features the source code of the application. The sources are then built and packed into either the or directory. This is where our protected HTML and JavaScript files will be placed after the build. App android ios And we have successfully set up our React Native app. Let's move forward to protecting it with Jscrambler. Configuring Jscrambler If you haven't created a yet, be sure to do so before moving forward. Jscrambler account All of Jscrambler's configuration will reside inside a single file: , which specifies which transformations we wish to use. .jscramblerrc The quickest way to get our config file is via the . Once there, create a new app. Now, in the tab, select the Language Specifications and application type. Next, select the transformations you want (check the and tabs). In this tutorial, we'll be selecting the template. If you need help with these steps, please refer to our . Jscrambler Web App Application Modes Templates Fine-Tuning Obfuscation guide Now, we simply have to download a , which will be used only for quickly getting the required settings. JSON file with all this configuration Now, let's create a new file named on the React Native project’s root folder. Open the file you just downloaded and copy all its contents to the file. Your final file should look like this: .jscramblerrc jscrambler.json .jscramblerrc .jscramblerrc { "keys": { "accessKey": <ACCESS_KEY_HERE>, "secretKey": <SECRET_KEY_HERE> }, "applicationId": <APP_ID_HERE>, "params": [ { "name": "objectPropertiesSparsing" }, { "name": "variableMasking" }, { "name": "whitespaceRemoval" }, { "name": "identifiersRenaming", "options": { "mode": "SAFEST" } }, { "name": "globalVariableIndirection" }, { "name": "dotToBracketNotation" }, { "name": "stringConcealing" }, { "name": "functionReordering" }, { "options": { "freq": 1, "features": [ "opaqueFunctions" ] }, "name": "functionOutlining" }, { "name": "propertyKeysObfuscation", "options": { "encoding": [ "hexadecimal" ] } }, { "name": "regexObfuscation" }, { "name": "booleanToAnything" } ], "areSubscribersOrdered": false, "useRecommendedOrder": true, "jscramblerVersion": "<7.X>", "tolerateMinification": false, "profilingDataMode": "off", "useAppClassification": true, "browsers": {} } Because we got this information directly via the Jscrambler Web App, our , and fields are already filled. If you wish to retrieve them manually, refer to our . accessKey secretKey applicationId guide It's important to note that the section specifies the transformations that will be used to protect your React Native app. , by selecting them in the Web App or setting them manually. You can find documentation on all the available transformations . params These can be hand-picked by you here Integrating Jscrambler in the Build Process In case you have used Expo to set up your React Native project, in order to continue with the Jscrambler integration you must first eject it using . Note: expo eject Since React Native uses its own bundler called Metro, Jscrambler’s React Native integration is achieved through a Metro plugin. To get started, install the : Jscrambler Metro Plugin npm install jscrambler-metro-plugin --save-dev Next, create a file on the project's root folder (in our case, we already have that file). Now, we need to add two lines of code to the file. This code imports the Jscrambler Metro plugin and will enable our app to use it. The final file should look similar to this: metro.config.js const jscramblerMetroPlugin = require("jscrambler-metro-plugin")(); module.exports = { transformer: { getTransformOptions: async () => ({ transform: { experimentalImportSupport: false, inlineRequires: false, }, }), }, ...jscramblerMetroPlugin }; And that's it! We're ready to build our application! To do so, there are different approaches for Android and iOS. For Android cd android && ./gradlew bundleRelease For iOS If we are building for iOS, the process is a bit trickier. First, we need to bundle our source files and prepare them before creating our IPA package: react-native bundle --entry-file index.js --platform ios --dev false --bundle-output ios/main.jsbundle --assets-dest ios This will output a file which we then need to use in Xcode to build our IPA. To do so, you can follow . main.jsbundle this guide We will find the mobile application package for Android (APK) or iOS (IPA) on . <android|ios>/app/build/outputs/<apk|ipa>/debug Conclusion React Native is often the JS framework of choice for building cross-platform mobile apps in the enterprise. Other than Facebook, it’s also used by companies like Bloomberg, Tesla, Uber, Wix, and Discord. Now more than ever, attackers are actively seeking to exploit the exposed nature of JavaScript to steal or tamper with the JavaScript code that often contains critical business logic. This is why protecting your React Native source code with Jscrambler becomes a key step of the development process. By using our Metro plugin, you can integrate Jscrambler into the React Native build process in a few minutes. If, however, you encounter any issues during this integration, be sure to check our or . documentation contact us Previously published at https://blog.jscrambler.com/how-to-protect-react-native-apps-with-jscrambler/
