In this article, we will learn about React Native security. We will discuss securing a React Native application and the plugins used to do so. This is Part 1 of React Native Mobile Application Security.
Similarly to Cordova, the bundle file is present in the assets folder and, as with Cordova, we can treat React Native apps as containers that run JS code. This logic is implemented in Expo. Under certain limitations, Expo can run different business logic in a single application. At this point, it is fair to treat the entry file as the core application logic.
Securing a mobile application is divided into three sections:
- Securing app to server connection
- Securing local data
- Advanced integrity checks
- react-native-ssl-pinning: this plugin uses OkHttp3 on Android and AFNetworking on iOS to provide SSL pinning and cookie handling. In this case, we will be using fetch from the library to consume APIs. For this library, we will have to bundle the certificates inside the app. Necessary error handling needs to be implemented in older apps to handle certificate expiry. The app needs to be updated with newer certificates before certificates expire. This library uses promises and supports multi-part form data.
- react-native-pinch: this plugin is similar to react-native-ssl-pinning. We have to bundle certificates inside the app. This library supports both promises and callbacks.
- react-native-cert-pinner: this plugin allows us to use public hashes to pin the server. Unlike the plugins above, we can use fetch and other utilities directly. The pinning occurs before native JS is run. Also, there is no requirement to define hashes in the request itself.
- react-native-trustkit: this is a wrapper plugin for the iOS TrustKit library. This library is available for iOS only.
In Part 2, we will learn about React Native Mobile Application Security related to Local Storage.
In Part 3, we will learn about React Native Mobile Application Security related to Advanced Integrity Checks.
If you have any comments, questions, or think I missed something, feel free to leave them below in the comment box.
Thanks again for reading. HAPPY READING!!😊😊😊