{ "id": "86127", "key": "TIMOB-7553", "fields": { "issuetype": { "id": "2", "description": "A new feature of the product, which has yet to be developed.", "name": "New Feature", "subtask": false }, "project": { "id": "10153", "key": "TIMOB", "name": "Titanium SDK/CLI", "projectCategory": { "id": "10100", "description": "Titanium and related SDKs used in application development", "name": "Client" } }, "fixVersions": [ { "id": "12593", "name": "Release 2.0.0", "archived": false, "released": true, "releaseDate": "2012-03-30" }, { "id": "13070", "description": "Release 1.8 Service Pack 2", "name": "Release 1.8.2", "archived": true, "released": true, "releaseDate": "2012-02-29" }, { "id": "13170", "name": "Sprint 2012-06", "archived": true, "released": true, "releaseDate": "2012-03-25" } ], "resolution": { "id": "1", "description": "A fix for this issue is checked into the tree and tested.", "name": "Fixed" }, "resolutiondate": "2012-03-13T13:48:21.000+0000", "created": "2012-02-06T13:43:34.000+0000", "priority": { "name": "Critical", "id": "1" }, "labels": [ "dr-list" ], "versions": [ { "id": "12580", "description": "Dual Runtime 1.8.0", "name": "Release 1.8.0.1", "archived": true, "released": true, "releaseDate": "2011-12-22" } ], "issuelinks": [ { "id": "15209", "type": { "id": "10003", "name": "Relates", "inward": "relates to", "outward": "relates to" }, "inwardIssue": { "id": "86544", "key": "TIMOB-7677", "fields": { "summary": "Android : Distribute - v8, rhino - After selecting to distribute a template in Ti Studio it fails with errors on Windows", "status": { "description": "The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.", "name": "Closed", "id": "6", "statusCategory": { "id": 3, "key": "done", "colorName": "green", "name": "Done" } }, "priority": { "name": "Critical", "id": "1" }, "issuetype": { "id": "1", "description": "A problem which impairs or prevents the functions of the product.", "name": "Bug", "subtask": false } } } } ], "assignee": { "name": "joshroesslein", "key": "joshroesslein", "displayName": "Josh Roesslein", "active": true, "timeZone": "America/Los_Angeles" }, "updated": "2017-03-16T22:08:02.000+0000", "status": { "description": "The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.", "name": "Closed", "id": "6", "statusCategory": { "id": 3, "key": "done", "colorName": "green", "name": "Done" } }, "components": [ { "id": "10202", "name": "Android", "description": "Android Platform" } ], "description": "Source code is shipped as obfuscated source in Titanium applications for Android. This results in application logic that is significantly easier to reverse engineer. Suggest that similar measures be taken at build time as iOS, where JavaScript code is inlined in a C file and compiled into the application.\r\n\r\nh3. Test cases\r\n\r\nCreate or import a project to use during these tests.\r\n\r\nh4. Running application (without protection enabled)\r\n1. Install application to a device.\r\n2. Launch application and verify it works (no file not found errors).\r\n3. Run `unzip -l build/android/app.apk`\r\n4. Verify in assets/Resources you can see your JavaScript files.\r\n\r\nh4. Running application (with protection enabled)\r\n1. In tiapp.xml add a property with name \"ti.android.compilejs\" set to true.\r\n2. Install application to device.\r\n3. Launch application and verify it works.\r\n4. Run `unzip -l build/android/app.apk`\r\n5. Verify in assets/Resources there is no JavaScript files.\r\n\r\nh4. Deploy application (protection enabled by default)\r\n1. Create a deploy APK from Studio.\r\n2. Run `unzip -l app.apk`\r\n3. Verify no JavaScript files exist under assets/Resources\r\n4. Install APK to device and verify application works.\r\n\r\n", "attachment": [], "flagged": false, "summary": "Android: Source code protection needs to be implemented for Android on V8", "creator": { "name": "kwhinnery", "key": "kwhinnery", "displayName": "Kevin Whinnery", "active": true, "timeZone": "America/Chicago" }, "subtasks": [], "reporter": { "name": "kwhinnery", "key": "kwhinnery", "displayName": "Kevin Whinnery", "active": true, "timeZone": "America/Chicago" }, "environment": "Android V8 runtime", "comment": { "comments": [ { "id": "182762", "author": { "name": "kwhinnery", "key": "kwhinnery", "displayName": "Kevin Whinnery", "active": true, "timeZone": "America/Chicago" }, "body": "To me this is a good place to start, keeping honest people honest.", "updateAuthor": { "name": "kwhinnery", "key": "kwhinnery", "displayName": "Kevin Whinnery", "active": true, "timeZone": "America/Chicago" }, "created": "2012-02-10T11:18:37.000+0000", "updated": "2012-02-10T11:18:37.000+0000" }, { "id": "183053", "author": { "name": "kwhinnery", "key": "kwhinnery", "displayName": "Kevin Whinnery", "active": true, "timeZone": "America/Chicago" }, "body": "thanks for working this one so quickly Josh!", "updateAuthor": { "name": "kwhinnery", "key": "kwhinnery", "displayName": "Kevin Whinnery", "active": true, "timeZone": "America/Chicago" }, "created": "2012-02-14T10:25:40.000+0000", "updated": "2012-02-14T10:25:40.000+0000" }, { "id": "183762", "author": { "name": "sfeather", "key": "sfeather", "displayName": "Stephen Feather", "active": true, "timeZone": "America/New_York" }, "body": "Does this resolve the problem for BOTH v8 and rhino targets?\r\n", "updateAuthor": { "name": "sfeather", "key": "sfeather", "displayName": "Stephen Feather", "active": true, "timeZone": "America/New_York" }, "created": "2012-02-20T11:46:28.000+0000", "updated": "2012-02-20T11:46:28.000+0000" }, { "id": "183767", "author": { "name": "ngupta", "key": "ngupta", "displayName": "Neeraj Gupta", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Rhino didn't have this problem to start with.", "updateAuthor": { "name": "ngupta", "key": "ngupta", "displayName": "Neeraj Gupta", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2012-02-20T19:21:03.000+0000", "updated": "2012-02-20T19:21:03.000+0000" }, { "id": "183769", "author": { "name": "sfeather", "key": "sfeather", "displayName": "Stephen Feather", "active": true, "timeZone": "America/New_York" }, "body": "Neeraj, you can split words all you want, but as it is now, in 1.8.1, if you choose V8 OR rhino in your TIAPP.xml, your tail end is hanging in the wind if you release an android app. Original source code packaged up nice and neat for thieving. It may be a bit obfuscated, not nothing an online tool or two can't clean up.\r\n\r\nSo, I'll ask again.\r\n\r\nDoes this resolve the problem for BOTH V8 and rhino targets?\r\n\r\nAt this point in time, EVERY release APK coming out of 1.8.1 in Titanium has the source code out in the open.\r\n\r\n", "updateAuthor": { "name": "sfeather", "key": "sfeather", "displayName": "Stephen Feather", "active": true, "timeZone": "America/New_York" }, "created": "2012-02-20T19:52:53.000+0000", "updated": "2012-02-20T19:54:39.000+0000" }, { "id": "183770", "author": { "name": "ngupta", "key": "ngupta", "displayName": "Neeraj Gupta", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Stephen - Let me rephrase my earlier comment. Rhino already had the mechanism that we implemented recently for V8 to protect the source code. Therefore, an application no longer has to rely on obfuscation for either V8 or Rhino runtime option. Try it out with the latest master or 1.8.2 CI build for both the runtimes and let us know if you see any problem.", "updateAuthor": { "name": "ngupta", "key": "ngupta", "displayName": "Neeraj Gupta", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2012-02-20T20:05:41.000+0000", "updated": "2012-02-20T20:05:41.000+0000" }, { "id": "184757", "author": { "name": "leoncin", "key": "leoncin", "displayName": "leoncin", "active": true, "timeZone": "America/Los_Angeles" }, "body": "I don't think this issue is well solved. I built a project by \"distribute to Android marketplace\" with 1.8.2 formal release. The internal javascript files are only BASE64 strings in AssetCryptImpl.java file. The javascript source can be easily decoded. Compared to the decompiled java class files, these javascript files are more easily understandable. \r\n\r\nDo I miss anything? Or what's wrong with my steps to build a project? ", "updateAuthor": { "name": "leoncin", "key": "leoncin", "displayName": "leoncin", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2012-03-01T03:53:09.000+0000", "updated": "2012-03-01T03:53:09.000+0000" }, { "id": "185505", "author": { "name": "level420", "key": "level420", "displayName": "Dietrich Streifert", "active": true, "timeZone": "America/Los_Angeles" }, "body": "The new source code protection step seems to have an issue with large javascript files.\r\nI'm using 126kByte large javascript oo framework (qooxdoo) which breaks the compilation step if property ti.android.compilejs is set to true.\r\n\r\nOthers reported this as well in Q&A:\r\n\r\nhttp://developer.appcelerator.com/question/133073/jquery-doesnt-work-after-deploying-to-android-market\r\n\r\nhttp://developer.appcelerator.com/question/133006/constant-string-too-long\r\n\r\nThe error message is:\r\n{code}\r\n\r\n[ERROR] Error(s) compiling generated Java code\r\n[ERROR] C:\\Documents and Settings\\[User]\\My Documents\\Titanium Studio Workspace\\[app]\\build\\android\\gen\\com\\[name]\\test\\AssetCryptImpl.java:19: constant string too long\r\n{code}\r\n\r\nPlease consider enlarging the obviously limited maximum file/string lentgh.\r\n", "updateAuthor": { "name": "level420", "key": "level420", "displayName": "Dietrich Streifert", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2012-03-08T07:08:36.000+0000", "updated": "2012-03-08T07:09:47.000+0000" }, { "id": "185507", "author": { "name": "kwhinnery", "key": "kwhinnery", "displayName": "Kevin Whinnery", "active": true, "timeZone": "America/Chicago" }, "updateAuthor": { "name": "kwhinnery", "key": "kwhinnery", "displayName": "Kevin Whinnery", "active": true, "timeZone": "America/Chicago" }, "created": "2012-03-08T07:39:46.000+0000", "updated": "2012-03-08T07:39:46.000+0000" }, { "id": "185510", "author": { "name": "level420", "key": "level420", "displayName": "Dietrich Streifert", "active": true, "timeZone": "America/Los_Angeles" }, "body": "@Kevin: wouldn't it be better to change the obfuscator with an automatism which decides on file length if the file is suitable for obfuscation? A warning should state something like \"max. file size for obfuscation exceeded: packaging unobfuscated\".\r\n\r\nOr even better: increase the limit (where ever it may be) so large files are also processed?", "updateAuthor": { "name": "level420", "key": "level420", "displayName": "Dietrich Streifert", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2012-03-08T07:46:20.000+0000", "updated": "2012-03-08T07:46:20.000+0000" }, { "id": "186112", "author": { "name": "joshroesslein", "key": "joshroesslein", "displayName": "Josh Roesslein", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Sent [Pull Request #1648|https://github.com/appcelerator/titanium_mobile/pull/1648] to fix build errors with large JavaScript files.", "updateAuthor": { "name": "joshroesslein", "key": "joshroesslein", "displayName": "Josh Roesslein", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2012-03-12T15:28:01.000+0000", "updated": "2012-03-12T15:28:01.000+0000" }, { "id": "200839", "author": { "name": "falk", "key": "falk", "displayName": "MAIRDUMONT GmbH & Co. KG", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Which version of Mobile SDK does/will contain this fix? I can't read that from Josh's [Pull Request #1648|https://github.com/appcelerator/titanium_mobile/pull/1648].", "updateAuthor": { "name": "falk", "key": "falk", "displayName": "MAIRDUMONT GmbH & Co. KG", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2012-06-28T22:40:48.000+0000", "updated": "2012-06-28T22:40:48.000+0000" }, { "id": "200840", "author": { "name": "ngupta", "key": "ngupta", "displayName": "Neeraj Gupta", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Release 2.1.0", "updateAuthor": { "name": "ngupta", "key": "ngupta", "displayName": "Neeraj Gupta", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2012-06-28T22:53:34.000+0000", "updated": "2012-06-28T22:53:34.000+0000" }, { "id": "200853", "author": { "name": "sfeather", "key": "sfeather", "displayName": "Stephen Feather", "active": true, "timeZone": "America/New_York" }, "body": "It is working well in the 2.1.0 builds now.", "updateAuthor": { "name": "sfeather", "key": "sfeather", "displayName": "Stephen Feather", "active": true, "timeZone": "America/New_York" }, "created": "2012-06-29T05:52:34.000+0000", "updated": "2012-06-29T05:52:34.000+0000" }, { "id": "413276", "author": { "name": "lmorris", "key": "lmorris", "displayName": "Lee Morris", "active": false, "timeZone": "America/Los_Angeles" }, "body": "Closing ticket as fixed.", "updateAuthor": { "name": "lmorris", "key": "lmorris", "displayName": "Lee Morris", "active": false, "timeZone": "America/Los_Angeles" }, "created": "2017-03-16T22:08:02.000+0000", "updated": "2017-03-16T22:08:02.000+0000" } ], "maxResults": 16, "total": 16, "startAt": 0 } } }