*What*
For Cordova, there it's likely we will need to use native plugins for some of the checks. There are 2 options:
1. Wrap the security module from the iOS and Android SDKs.
The downside is that we will also need to use the core module.
2. Use javascript as much as possible Not using the security modules , and only use plugins for but re-implement some of the things that we can not get checks in Js native code, and keep the native code minimum .
We need to perform a spike and evaluation which approach we should take. We should consider the following:
* what features we can support. The features we are looking at including:
** root/jailbreak detection
** emulator/simulator detection
** debuggable/developer mode detection
** device lock detection
** device encryption detection
** backup detection
** allow developers provide their own implementation
** report security checks metrics
* maintenance cost
* user experience for end developers
If possible, a proposal should be created on which approach we should take, based on the results of the evaluation.
|
|
