Explore Sembi IQ - The AI engine powering the next generation of intelligent quality
PreEmptive_Logo_-_RGB__Full_Logo_-_Dark_BG 1
Login
Get Started

Support Corner: Protecting React Native Apps

  • December 2, 2022
  • John Brawner
Support-corner

In This Article

We’ve recently worked with a handful of customers in the process of creating React Native apps. As with other mobile development frameworks, it is relatively easy to reverse engineer and tamper with React Native apps. For this reason, securing your organization’s IP and data is essential before publishing. In the following article, we’ll discuss how to do so using PreEmptive. React Native apps are primarily written in JavaScript and then packaged as an APK, AAB, or IPA file for deployment. Once the app is installed on a device, the end user can extract an APK and see the bundled JavaScript file within the “assets” directory. The bundle will be minified during the build, but this can easily be “unminified” and formatted by a text editor such as Nodepad++ with JSTool. Doing so would reveal API calls, keys, and sensitive strings: SC01 JavaScript can also interface with Native Java modules. Java is compiled and embedded in the APK as one or more classes.dex file(s). A tool such as ByteCode viewer can decompile the classes.dex to reveal sensitive IP within Java source: SC02 Leaving code exposed in such a way is quite dangerous. A hacker could clone the app, infiltrate back-end systems, initiate a data breach, and more. Luckily, PreEmptive can protect the code embedded in the APK. JSDefender for JavaScript can protect the JavaScript bundle. DashO Java obfuscator can protect the Java code. JSDefender’s Metro plugin and DashO’s Gradle plugin integrate protection directly into our build. metro.config: SC03 build.gradle: SC04 When building the React Native project >npx react-native run-android  or  >gradlew clean assembleRelease or bundleRelease PreEmptive can be seen running in the build output: SC05 After this build, the binary is hardened against decompilation, reverse engineering, and tampering: SC06 The complete source code sample can be downloaded here. To run the sample:
  • Download the JSDefender (trial or commercial) Core and Metro npm packages. 
  • Configure the JSDefender license key in jsdefender.config.json. 
  • Install and register PreEmptive DashO (trial or commercial) on your machine.
  • Run npm install within the directory. 
Please contact us if you have feedback on this topic or any other topics you would like us to discuss in the Support Corner.

Try PreEmptive Today

Strengthen your application security with PreEmptive’s advanced protection
© 2026 PreEmptive. All Rights Reserved