For up-to-date product documentation, see the IBM MobileFirst Foundation Developer Center.

Encrypting the web resources of your Cordova packages

We can use the MobileFirst Platform CLI to encrypt the content in the www folder of the .apk or .ipa packages of your Cordova web apps.

Before you begin

The best time to complete this procedure is after finishing your app development and are ready to deploy the app. If you run any of the following commands after you complete the web resources encryption procedure, the content that was encrypted becomes decrypted:

If you run one of the listed commands after you encrypt the web resources, we must complete this procedure again to encrypt the web resources.


To minimize the risk of someone viewing and modifying your web resources while it is in the .apk or .ipa package, we can use the IBM MobileFirst Platform Foundation mfpdev app webencrypt command or the mfpwebencrypt flag to encrypt the information. This procedure does not provide encryption that is impossible to defeat, but it provides a basic level of obfuscation.

To encrypt the content in the package of your Cordova app with the MobileFirst Platform CLI, complete the following steps:


  1. Open a terminal window and navigate to the root directory of the Cordova app that we want to encrypt.
  2. Prepare the app by entering one of the following commands:
    • cordova prepare
    • mfpdev app webupdate
  3. Complete one of the following procedures to encrypt the content:
    • Enter the following command:

      mfpdev app webencrypt

      Tip: We can view information about the mfpdev app webencrypt command by entering mfpdev help app webencrypt.

    • We can also encrypt the web resources of your Cordova packages by adding the mfpwebencrypt flag to the cordova compile or to the cordova build command when you build your packages.

      cordova compile -- --mfpwebencrypt

      cordova build -- --mfpwebencrypt

    The operating system information in the www folder is replaced by a file that contains the encrypted content.

    If your app is for the Android operating system and the file is larger than 1 MB, the file is divided into smaller 768 KB .zip files that are named The variable nnn is a number from 001 through 999.

  4. Test the application with the encrypted resources by using the emulator that is provided with the platform-specific tools. For example, we can use the emulator in Android Studio for Android, or Xcode for iOS.

    Note: Do not use the following Cordova commands to test the application after you encrypt it:

    • cordova run
    • cordova emulate
    These commands refresh the content that was encrypted in the www folder, and saves it again as decrypted content. If we use these commands, remember to complete the procedure again to encrypt it before you publish the app.