Cordova app security

IBM MobileFirst™ Platform Foundation provides security features that help you protect your Cordova apps.

Much of the content in a cross-platform app can be more easily modified by an unauthorized person than for a native app. Because much of the common content in a cross-platform app is in a readable format, IBM MobileFirst Platform Foundation provides features that can provide a higher level of security for your cross-platform Cordova apps. See MobileFirst security framework for information about security options that are not mentioned in this topic. Use the following features to improve security on your Cordova apps:

Encrypting the web resources of your Cordova packages: Encrypts the contents in the www folder of your Cordova app, and decrypts it when the app is installed and run for the first time. This encryption makes it more difficult for someone to view or modify the content in that folder while the app is packaged.
Enabling the web resources checksum feature: Ensures the integrity of the app when it starts by comparing the contents to the baseline checksum results that were gathered the first time the app was started. This test helps prevent the modification of an app that is already installed.
Enabling FIPS 140-2: Ensures that the encryption algorithms that are used to encrypt data at rest and data in motion are compliant with the Federal Information Processing Standards (FIPS) 140-2 standard.
Certificate pinning: Helps you prevent man-in-the-middle attacks by associating a host with its expected public key.