Mobile Protect SDK for Apache Cordova
This document outlines the setup process for the Mobile Protect SDK in Apache Cordova applications. The onboarding steps are similar to those for native iOS and Android apps, but each platform is addressed separately.
iOS: Add Mobile Protect SDK
Repo API Key
Mobile Protect builds are served from the following git repository: https://mobile-protect-repos.securetheorem.com/mobileprotect-ios
Access via SPM and CocoaPods, or Clone the Repo
To clone the repo:
git clone https://any:{REPO_API_KEY}@mobile-protect-repos.securetheorem.com/mobileprotect-ios
You can avoid the need for directly referencing the Repo API Key by adding it to your environment's .netrc
file. Add the following to ~/.netrc
(create the file if it doesn't already exist):
machine mobile-protect-repos.securetheorem.com
password {REPO_API_KEY}
Replace {REPO_API_KEY}
with your real Mobile Protect Repo API Key.
Using CocoaPods
1. Initialize CocoaPods
Skip this step if your project already uses CocoaPods and has a Podfile
.
Navigate to the iOS project directory in your Cordova project. This is usually located at platforms/ios/
.
cd platforms/ios/
Initialize CocoaPods in this directory:
pod init
2. Add the MobileProtect
Pod
Open the Podfile
created in your project directory using a text editor and add the MobileProtect
pod:
# platform :ios, '9.0'
target 'HelloWorld' do
use_frameworks!
# Unpinned version
pod 'MobileProtect'
# Specific version
pod 'MobileProtect', '~> 25.0.3'
end
'HelloWorld' would be replaced with the real target name of your Cordova iOS project.
3. Install the Pod
Run the following command in the same directory to initiate the download of Mobile Protect:
pod install
Using Swift Package Manager (SPM)
1. Open the Project's Xcode Workspace (.xcworkspace
)
Navigate to the iOS project directory in your Cordova project. This is usually located at platforms/ios/
.
cd platforms/ios/
Open project's .xcworkspace
file.
open *.xcworkspace
2. Add the Mobile Protect SPM Package
Enter the following URL in Xcode, File → Add Package Dependencies… → Enter Package URL:
https://spm:{REPO_API_KEY}@mobile-protect-repos.securetheorem.com/mobileprotect-ios
Replace {REPO_API_KEY}
with your real Repo API Key. If the Repo API Key has already been added to your environment's .netrc
file, spm:{REPO_API_KEY}@
can be omitted from the URL.
iOS: Mobile Protect Configuration
Add the Mobile Protect Config
Copy the MobileProtect.plist
config file into the project, place it in the Target root. See Add Existing Files and Folders to a Project for instructions.
Android: Add Mobile Protect SDK
1. Add the Mobile Protect Maven Repository
The Mobile Protect for Android SDK is hosted on a private Maven repository. To be able to fetch the dependency, you must first register the dependency within your Gradle manifest.
You will need to add our repository to the plugin repositories, as of time of writing, Cordova doesn’t support editing settings.gradle
, so you need to declare it in an init.gradle
file in $GRADLE_HOME
or passing the init file via cli cordova build android -- --gradleArg="--init-script init.gradle"
:
settingsEvaluated { settings ->
settings.pluginManagement {
repositories {
mavenCentral()
gradlePluginPortal()
google()
maven {
credentials {
//Leave the username as "MAVEN"
username "MAVEN"
password "INSERT_YOUR_KEY"
}
url "https://mobile-protect-repos.securetheorem.com/mobileprotect-android"
}
}
}
}
Our plugin will then download its project dependencies so you will also need to add our repository to your project’s build.gradle
file:
allprojects {
repositories {
mavenCentral()
google()
// Mobile Protect Maven Repository
maven {
credentials {
// Leave the username as "MAVEN"
username "MAVEN"
password "INSERT_YOUR_KEY"
}
url "https://mobile-protect-repos.securetheorem.com/mobileprotect-android"
}
}
}
If you use Cordova’s default repositories.gradle
setup, you will need to add our repository to all repositories.gradle
files. There are usually three of these:
platforms/android/repositories.gradle
platforms/android/app/repositories.gradle
platforms/android/cordovaLib/repositories.gradle
ext.repos = {
google()
mavenCentral()
maven {
credentials {
//Leave the username as "MAVEN"
username "MAVEN"
password "INSERT_YOUR_KEY"
}
url "https://mobile-protect-repos.securetheorem.com/mobileprotect-android"
}
}
Note: If you use settings for dependency management (for ex. if you see the error “Build was configured to prefer settings repositories over project repositories”) the Data Theorem repository will need to be added in settings.gradle
under dependencyResolutionManagement->repositories
.
2. Add the Mobile Protect Gradle Plugin
Declare the plugin within your project’s build.gradle
as follows:
plugins {
id "com.dtplugin.mobileprotect" version("$VERSION")
// If you want to auto update to the latest use: version("+")
}
Note: If you encounter duplication issues because you have both TrustKit and MobileProtect, you can use the com.dtplugin.mobileprotect-notrustkit artefact and keep TrustKit as is.
3. Add the Mobile Protect Config
In the Android project, create the xml
directory (/app/src/main/res/xml
) if it does not exist. Then, copy the mobileprotect.xml
config file into the xml
resources folder. mobileprotect.xml
can be downloaded from our portal.
The AUTH_TOKEN
key contained in the configuration file is not sensitive. The key is only used to identify the data sent by Mobile Protect to the backend, but cannot be used to pull any data from the app nor the backend. It is safe to commit and have the token in the .apk
as it is used as an identifier, similar to Google's Firebase: Learn about using and managing API keys for Firebase | Firebase Documentation .
4. Initialize Mobile Protect
Now you're ready to initialize the SDK. Within your application's main Application
class, preferably in the onCreate()
method, add the following code:
MobileProtect.init(this, R.xml.mobileprotect);
If you don’t have an Application
object, you need to create one and register it in AndroidManifest.xml
5. Optional: configuration for static obfuscation
You can enable Mobile Protect obfuscation in the project build.gradle with:
MobileProtectPluginConfiguration {
enableObfuscation = true
}
If static obfuscation is enabled for a Cordova project then the following proguard rules must be added to your proguard-rules.pro
file in order to prevent plugins from breaking:
-dontwarn kotlin.reflect.jvm.KCallablesJvm
-keep class org.apache.cordova.** {*;}
-keep class * extends org.apache.cordova.CordovaPlugin {*;}
If your project does not contain a proguard-rules.pro
file you can add one in platforms/android/app/build.gradle
android {
//...
buildTypes {
release {
//...
proguardFiles("proguard-rules.pro")
}
}
}