How to expire an Electron app?


#1

Hello

I’m developing an internal application for our company which should work offline and I would like to secure the application that it is not usable if someone leaves the company.

Is there a way to achieve the behavior that the app is offline usable for 10 days and then needs to go online to renew the license?


#2

Server calls and timestamps.

When the app has internet, connect to your server, take a timestamp. Allow access for 10 days after the last timestamp, then don’t allow access. You should probably go deeper and safer than this, but it’s the general gist of what you want to be doing.


#3

Thanks for your response.

Timestamps were also my first thought but to mock a server and send timestamps “offline” should not be difficult. I read about JavaScript security and it is clear to me that everything on the client side can be compromised. My goal is to make it as hard as possible.
If I go with the timestamps I need to encrypt them on the server and decrypt on the client but again, the secret has to be stored on the client side which can be read.


#4

Sure, timestamps alone aren’t secure, I could change it to never time out, but it’s a start. The thing is with encrypted keys is that without being able to compare against the server, you may never know when to time out.


#5

I searched more on this topic and found out that it seems not possible to do with electron. I will abandon my plan to go completely offline and will do the important calculations on a backend and provide only the results to the users. This way the important stuff is save and if someone steals the tool after leaving the company it is not functioning anymore.