DexProtector encrypts the contents of the .jsbundle using the same mechanisms that it applies to Java, Kotlin, Objective-C, or Swift code. Robust encryption and obfuscation make it seem to an attacker that the source code has completely disappeared. DexProtector also employs RASP checks to detect jailbroken devices, emulators, and hooking frameworks like Frida. These are common tools used at runtime to take control of the app's execution. DexProtector blocks them all.
DexProtector’s defence against man-in-the-middle attacks is two-pronged. A combination of SSL Pinning and Certificate Transparency checks helps to stop network interference and interception.
Supply chain attacks
React Native apps use NPM packages as their dependencies. One potential issue here is how easy it is to publish them, which opens the door to bad actors publishing malicious packages without much effort. What’s more, even seemingly genuine, helpful dependencies might not have been implemented correctly, or might not provide reasonable config or default parameters.
AppCare is an innovative tool that comes with DexProtector Studio. You can use it to scan your application for existing, known vulnerabilities in libraries and dependencies. That way you can be sure that there’s no rogue code that can cause problems further down the line.