React Native & Hermes: Is Additional Code Obfuscation Beneficial? about hermes HOT 1 CLOSED

This is a good question. You're correct the compilation of JavaScript into optimized bytecode by Hermes inherently provides a significant level of obfuscation. This is because the bytecode is much more difficult to reverse-engineer compared to minified JavaScript source code.

However, it's important to note that while bytecode is harder to understand than JavaScript, it doesn't make reverse-engineering impossible. It preserves attributes like property names, and depending on compilation flags, function names (those can be disabled by passing -fstrip-function-names). A determined attacker with enough time and resources could potentially still decipher it.

As for applying an additional layer of obfuscation to the bundle.js file, it could potentially add an extra layer of security. Obfuscation can make the reverse-engineering process more time-consuming and complex. It's good to keep in mind that obfuscation is not a foolproof security measure. It's more of a deterrent than a definitive protective measure.

The practical benefit of applying a code obfuscator would largely depend on the specific security needs of your project. If the code contains highly sensitive logic or information, then adding as many deterrents as possible could be beneficial. This is similar to Android apps, which are also compiled to bytecode, yet obfuscators for Android exist.

In conclusion, while Hermes' compilation to bytecode does provide a significant level of obfuscation, but the exact 'level' of obfuscation is challenging to quantify and should not be relied upon as a sole security measure. Additional security practices, such as code obfuscation, could be considered based on the specific needs and context of your project.

from hermes.