ivanbuhov
commented
7 years ago @OmarTrigui You are right that the plugin can't guarantee a top level of security but it's purpose is just to raise the bar higher for the attackers. It prevents an attacker from seeing the source by just opening the app bundle. The need to use additional tools, time and effort will discourage many people from retrieving your source, but as I said - the plugin doesn't make it impossible, it just raises the bar higher.
I have a question : what's the purpose of the *.js encryption while it's easy to retrieve the AES256 key ( stored somewhere or gathered over network ) to decipher the encrypted files ? An extra security layer against Script Kiddies ? Doesn't that affect the performance of the app in every-runtime-decryption stage ? By following the execution flow of this application, any security expert can use several tools to get the plaintext js files.