ghevge commented on issue #1732: URL: https://github.com/apache/cordova-android/issues/1732#issuecomment-2286442983
@breautek ``` cordova plugin ls cordova-plugin-android-permissions 1.1.5 "Permissions" cordova-plugin-geolocation 4.1.0 "Geolocation" cordova-plugin-inappbrowser 6.0.0 "InAppBrowser" ``` I am trying to to prevent inspecting the cordova webview. Building the cordova app with --release doesn't work either (This is what I've initially tried ). In my current builds i'm setting both the --release and the config.xml param mentioned above. > Just in case you aren't aware. Users can still get access to your app code even without the inspector. The web assets (as required to be read by the webview) and is extractable from the installable APK or AAB file. In otherwords it's not safe to store "secrets" on the client. This isn't exclusive to Cordova, but for any client-side development, but especially so for scripted environments where the code is interpreted like web environments. This is noted [here](https://cordova.apache.org/docs/en/12.x/guide/appdev/security/index.html#do-not-assume-that-your-source-code-is-secure). Well I was hoping to lock at least the medium knowledgeable users from getting access to the app code by disabling the remote debug. No secrets are stored in the cordova app code. I am aware that any client app can have its code exposed. If I won't be able to find a solution, I can live with how it is too. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org For additional commands, e-mail: issues-h...@cordova.apache.org
