React Native Security Best Practices

[lanbau]

Introduction

Security is a concern for any business owners using React Native.

Source: https://www.straitstimes.com/singapore/transport/private-hire-drivers-caught-hacking-grab-gojek-apps

The Core of It

Are there any best practices to ensure our React Native apps are difficult to be reverse engineered?

Discussion points

• Code obfuscation Source: https://stackoverflow.com/questions/52696998/obfuscate-entire-react-native-app-including-javascript-code
• Storing all keys on server side Source: https://stackoverflow.com/questions/55856221/what-is-the-most-secure-way-store-keys-in-react-native

[cpojer]

Thank you for creating an issue. This type of discussion is best suited for StackOverflow as this repository is primarily for discussions about the future of React Native.

Reverse engineering applications and application security are two different topics. React Native itself does not make it easier or harder to reverse engineer an application (besides JavaScript potentially being easier to "decompile" as it is a higher level of abstraction compared to Swift/Objective-C/Java/Kotlin) and it has no bearing on the security of your applications.

I would suggest to have these conversations at the executive level of your company. Your company should put processes, team structures and security measures in place to avoid security problems.