Mobile Protect SDK for Apache Cordova

This document outlines the setup process for the Mobile Protect SDK in Apache Cordova applications. The onboarding steps are similar to those for native iOS and Android apps, but each platform is addressed separately.

iOS: Add Mobile Protect SDK

Repo API Key

Mobile Protect builds are served from the following git repository: https://mobile-protect-repos.securetheorem.com/mobileprotect-ios

Access via SPM and CocoaPods, or Clone the Repo

To clone the repo:

git clone https://any:{REPO_API_KEY}@mobile-protect-repos.securetheorem.com/mobileprotect-ios

You can avoid the need for directly referencing the Repo API Key by adding it to your environment's .netrc file. Add the following to ~/.netrc (create the file if it doesn't already exist):

machine mobile-protect-repos.securetheorem.com password {REPO_API_KEY}

Replace {REPO_API_KEY} with your real Mobile Protect Repo API Key.


Using CocoaPods

1. Initialize CocoaPods

Skip this step if your project already uses CocoaPods and has a Podfile.

Navigate to the iOS project directory in your Cordova project. This is usually located at platforms/ios/.

cd platforms/ios/

Initialize CocoaPods in this directory:

pod init

2. Add the MobileProtect Pod

Open the Podfile created in your project directory using a text editor and add the MobileProtect pod:

# platform :ios, '9.0' target 'HelloWorld' do use_frameworks! # Unpinned version pod 'MobileProtect' # Specific version pod 'MobileProtect', '~> 25.0.3' end

'HelloWorld' would be replaced with the real target name of your Cordova iOS project.

3. Install the Pod

Run the following command in the same directory to initiate the download of Mobile Protect:

pod install

Using Swift Package Manager (SPM)

1. Open the Project's Xcode Workspace (.xcworkspace)

Navigate to the iOS project directory in your Cordova project. This is usually located at platforms/ios/.

cd platforms/ios/

Open project's .xcworkspace file.

open *.xcworkspace

2. Add the Mobile Protect SPM Package

Enter the following URL in Xcode, FileAdd Package Dependencies…Enter Package URL:

https://spm:{REPO_API_KEY}@mobile-protect-repos.securetheorem.com/mobileprotect-ios

Replace {REPO_API_KEY} with your real Repo API Key. If the Repo API Key has already been added to your environment's .netrc file, spm:{REPO_API_KEY}@ can be omitted from the URL.


iOS: Mobile Protect Configuration

Add the Mobile Protect Config

Copy the MobileProtect.plist config file into the project, place it in the Target root. See Add Existing Files and Folders to a Project for instructions.


Android: Add Mobile Protect SDK

1. Add the Mobile Protect Maven Repository

The Mobile Protect for Android SDK is hosted on a private Maven repository. To be able to fetch the dependency, you must first register the dependency within your Gradle manifest.

You will need to add our repository to the plugin repositories, as of time of writing, Cordova doesn’t support editing settings.gradle, so you need to declare it in an init.gradle file in $GRADLE_HOME or passing the init file via cli cordova build android -- --gradleArg="--init-script init.gradle":

settingsEvaluated { settings -> settings.pluginManagement { repositories { mavenCentral() gradlePluginPortal() google() maven { credentials { //Leave the username as "MAVEN" username "MAVEN" password "INSERT_YOUR_KEY" } url "https://mobile-protect-repos.securetheorem.com/mobileprotect-android" } } } }

Our plugin will then download its project dependencies so you will also need to add our repository to your project’s build.gradle file:

allprojects { repositories { mavenCentral() google() // Mobile Protect Maven Repository maven { credentials { // Leave the username as "MAVEN" username "MAVEN" password "INSERT_YOUR_KEY" } url "https://mobile-protect-repos.securetheorem.com/mobileprotect-android" } } }

If you use Cordova’s default repositories.gradle setup, you will need to add our repository to all repositories.gradle files. There are usually three of these:

  • platforms/android/repositories.gradle

  • platforms/android/app/repositories.gradle

  • platforms/android/cordovaLib/repositories.gradle

ext.repos = { google() mavenCentral() maven { credentials { //Leave the username as "MAVEN" username "MAVEN" password "INSERT_YOUR_KEY" } url "https://mobile-protect-repos.securetheorem.com/mobileprotect-android" } }

Note: If you use settings for dependency management (for ex. if you see the error “Build was configured to prefer settings repositories over project repositories”) the Data Theorem repository will need to be added in settings.gradle under dependencyResolutionManagement->repositories.

2. Add the Mobile Protect Gradle Plugin

Declare the plugin within your project’s build.gradle as follows:

plugins { id "com.dtplugin.mobileprotect" version("$VERSION") // If you want to auto update to the latest use: version("+") }

Note: If you encounter duplication issues because you have both TrustKit and MobileProtect, you can use the com.dtplugin.mobileprotect-notrustkit artefact and keep TrustKit as is.

3. Add the Mobile Protect Config

In the Android project, create the xml directory (/app/src/main/res/xml) if it does not exist. Then, copy the mobileprotect.xml config file into the xml resources folder. mobileprotect.xml can be downloaded from our portal.

The AUTH_TOKEN key contained in the configuration file is not sensitive. The key is only used to identify the data sent by Mobile Protect to the backend, but cannot be used to pull any data from the app nor the backend. It is safe to commit and have the token in the .apk as it is used as an identifier, similar to Google's Firebase: Learn about using and managing API keys for Firebase  |  Firebase Documentation .

4. Initialize Mobile Protect

Now you're ready to initialize the SDK. Within your application's main Application class, preferably in the onCreate() method, add the following code:

MobileProtect.init(this, R.xml.mobileprotect);

If you don’t have an Application object, you need to create one and register it in AndroidManifest.xml

5. Optional: configuration for static obfuscation

You can enable Mobile Protect obfuscation in the project build.gradle with:

MobileProtectPluginConfiguration { enableObfuscation = true }

If static obfuscation is enabled for a Cordova project then the following proguard rules must be added to your proguard-rules.pro file in order to prevent plugins from breaking:

-dontwarn kotlin.reflect.jvm.KCallablesJvm -keep class org.apache.cordova.** {*;} -keep class * extends org.apache.cordova.CordovaPlugin {*;}

If your project does not contain a proguard-rules.pro file you can add one in platforms/android/app/build.gradle

android { //... buildTypes { release { //... proguardFiles("proguard-rules.pro") } } }

Other Installation Guides

iOS
Android
React Native
Flutter