Hi, I have made an app for android and gave the .apk file to my friend, he then opened it and now has access to all of my hard work, such as assets, code(.lua files) etc… and this is just so fucking annoying… I have tried searching about ways to secure my app, but it doesn’t seem to be possible in corona, If corona cannot provide security for my app, then I regret buying it, and would recommend not to use corona, because quality goes first, and since the app is not well secured, you failed…
Looking forward for answers… -_-’
This has been discussed before, and no, there is no security for your assets.
Gideros Studio is another Lua Game Engine, similar to Corona, but has asset encryption for Indie and Pro subscribers. Also much cheaper than Corona, Indie is just 150$/year and is the equivalent of Corona Enterprise by allowing you to make your own plugins.
You should check it out if you are concerned about asset encryption.
While Gideros does offer encryption, it does lack so many other things that Corona offers. Quite simply, I really don’t think there is any middleware software product that offers everything that developers actually want.
And judging by how slow Corona Labs is to release things, it’s not going to have everything developers want ever. 
If only they could get a plugin marketplace open…
If you only gave your friend a *.apk file, then he doesn’t have access to your *.lua files.
no, but close: compiled .luac’s are in resource.car, plain strings (perhaps app keys/ids or other such ‘sensitive’ data) are plaintext, and if he gave out a build against a debugkey, then symbolic info is in there too, so extract/header-strip the .lu’s and run through luac.exe to decompile produces ‘nearly readable’ vm code dump (and still ‘barely readable’ even w/o symbolic info). granted that ‘grandma’ wouldn’t do this, but it’s a 30-second job for a ‘hacker’ - not an issue for the next flappy clone, but might be if you’re a gambling app w some close surrogate of ‘real’ money.
This has been discussed before, and no, there is no security for your assets.
Gideros Studio is another Lua Game Engine, similar to Corona, but has asset encryption for Indie and Pro subscribers. Also much cheaper than Corona, Indie is just 150$/year and is the equivalent of Corona Enterprise by allowing you to make your own plugins.
You should check it out if you are concerned about asset encryption.
While Gideros does offer encryption, it does lack so many other things that Corona offers. Quite simply, I really don’t think there is any middleware software product that offers everything that developers actually want.
And judging by how slow Corona Labs is to release things, it’s not going to have everything developers want ever.
If only they could get a plugin marketplace open…
If you only gave your friend a *.apk file, then he doesn’t have access to your *.lua files.
no, but close: compiled .luac’s are in resource.car, plain strings (perhaps app keys/ids or other such ‘sensitive’ data) are plaintext, and if he gave out a build against a debugkey, then symbolic info is in there too, so extract/header-strip the .lu’s and run through luac.exe to decompile produces ‘nearly readable’ vm code dump (and still ‘barely readable’ even w/o symbolic info). granted that ‘grandma’ wouldn’t do this, but it’s a 30-second job for a ‘hacker’ - not an issue for the next flappy clone, but might be if you’re a gambling app w some close surrogate of ‘real’ money.