Question

Given that a Cordova app can be plugged in and inspected, are apps inherently less secure than native compiled code? Or do just the same rules apply regarding what's kept in and a normal UIWebView?


Solution

After some further research: In current versions of Cordova, an app compiled with a distribution license prevents web inspection.

Your IPA file can be browsed however, so your source code should not contain any sensitive information. Don't save personal info to the app's sandbox (documents://, localstorage, web directory) since any encryption methods would be easily discovered and reproduced. Save all sensitive information to a password protected API.

You could also use a custom Cordova plugin to get/set sensitive information. Best case would be to use a custom plugin to get/set information from a secure API server (hiding your API parameters).

Also, treat any HTML or JS that have sensitive values as toxic. Delete/Remove them as quickly as possible (including the jquery cache). Make a special effort to remove any and all sensitive info from the DOM when the app moves to the background.

TLDR; Built for production, the active state of your app can be considered as secure as anything in RAM, but you must save any and all sensitive information off the device or use a plugin to do the encryption/decryption.
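As an added illustration of the answer's advice (not code from the original post): a small Cordova-side JavaScript module that keeps secrets only in RAM, clears DOM elements tagged `data-sensitive` and purges stray Web Storage keys when Cordova fires its `pause` event. The `data-sensitive` attribute, the `secret:` key prefix and the store API are assumptions made for this example.

```javascript
// Added example, not from the original answer. Assumes Cordova's "pause"
// lifecycle event, elements marked data-sensitive, and a "secret:" prefix
// for any Web Storage keys that must never survive backgrounding.

// In-memory holder for secrets such as session tokens. Values live only in
// RAM and are dropped on wipe(); nothing is ever written to localStorage.
class SensitiveStore {
  constructor() { this.values = new Map(); }
  set(key, value) { this.values.set(key, value); }
  get(key) { return this.values.get(key); }
  wipe() { this.values.clear(); }
  size() { return this.values.size; }
}

// Clear form fields and text of every element tagged data-sensitive, so a
// background snapshot or later DOM dump shows nothing useful.
function scrubSensitiveDom(root) {
  let cleared = 0;
  for (const el of root.querySelectorAll('[data-sensitive]')) {
    if ('value' in el) el.value = '';
    el.textContent = '';
    cleared += 1;
  }
  return cleared;
}

// Remove any keys that accidentally reached Web Storage (assumed prefix).
// Keys are collected first because removing while iterating shifts indices.
function purgeStorage(storage, prefix = 'secret:') {
  const doomed = [];
  for (let i = 0; i < storage.length; i++) {
    const k = storage.key(i);
    if (k && k.startsWith(prefix)) doomed.push(k);
  }
  doomed.forEach((k) => storage.removeItem(k));
  return doomed.length;
}

// Wire everything to Cordova's lifecycle: on "pause" wipe RAM, DOM and storage.
// The handler is returned so callers can also run it explicitly (e.g. on logout).
function installBackgroundScrub(doc, storage, store) {
  const handler = () => {
    store.wipe();
    scrubSensitiveDom(doc);
    purgeStorage(storage);
  };
  doc.addEventListener('pause', handler, false);
  return handler;
}
```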

Licensed under: CC-BY-SA with attribution