I'm currently working on a React-native / Expo app.
After some research on security risk with react-native, I found that it was very easy to do reverse engineering on a APK and get the javascript code source.
For my app, I'm using AWS Amplify for the backend. So, all privates informations like Cognito Pool ID, S3 Bucket and other endpoints are readable easily in the aws-export.js after reverse engineering.
I know that it is possible to obfuscated the file with react-native-obfuscating-transformer or the entire app APK with Proguard but don't know if it is a correct way to secure this file.
So, my question is:
Is there a way to secure aws-export.js accordingly with the today production standard in React Native ?
Thanks in advance to everyone who take the time to answer.
Related
I'm building my first React Native app and I want to have Google signin.
I first went down the path of trying to integrate the library react-native-google-signin - seemed like a promising library! But then very quickly I got mired in problems with my development environment and figuring out Expo development builds. I never quite got it working.
Then I tried Expo's Google authentication integration, and I've gotten that working, at least on web and iOS via Expo. It returns the logged-in user's Google access_token, which I think is all I'm needing (I currently don't need access to any other of the user's Google data).
My main question is: what are the drawbacks or limitations of using Expo's authentication option, or, why would I want to use the react-native-google-signin library despite its much greater added complexity? Is the Expo option going to break when I try to officially turn my app into a native iOS app?
In order to quickly prototype ideas for a personal project I'm interested in a solution where I use Prisma directly from a react native app. (I'm aware this is not something you'd do in production.) Data for the single user app would be stored in some free SQL cloud DB. I would store auth information locally in the client.
Is this possible just like it would be possible in a nodejs Cli or webapp?
Currently Prisma only works on servers so you would need to use it on Node. There's a request for react-native support so you can add upvote the request.
So I wrote an app in React Native. Now I have my Django Rest framework and a mysql database. I know: I should pay a hosting service to host my database and put the React Native code in the playstore. (This is meant symbolically) But Now I still have the Django Rest framework project - where should I store that? I may also have profile images in the app. Where should I store those? Sorry if the question seems a bit silly
You just need to get a webserver. For example Digital Ocean or Amazon Webservice, etc.. There you have to upload the project and you access the website over your own domain e.g.: www.yourproject.com
Now you can use your urls for example
www.yourproject.com/api/user
I hope I could help you
Say I have a staging API url and a production API url. What is the best way to setup the app to use the production API url when I want to release a build to the stores and the staging API url when I am running in debug mode and just uploading to TestFlight/Internal Beta?
I was looking at react-native-config but it seems quite daunting to configure. Would using the DEV variable be possible/practical?
Thanks in advance.
I’m trying to create an app generator that creates an expo app and then deploys it to the app store and play store.
I’ve done the generator part, now I have to do the deploy.
My question is, is there a way I can answer to expo-cli interactions in expo build and upload automatically? So I can set them before and then when the user generates the app, I can automatically in an aws instance deploy this app to my app store account?
I know that I can set apple id and password before, as I can set push key and provisioning key. But the first question “? How would you like to upload your credentials? (Use arrow keys)” I just can’t.
I just solved it myself with autoexpect!