Cossack Labs

Posted on • Originally published at cossacklabs.com


🚀 Writing secure React Native app

Check whether you are aware of the risks and threats developers should address to prevent the typical security mistakes in React Native applications.

Find the details in a new Cossack Labs' blog post, or first whet your appetite with the abstract here.


When looking at a React Native app from the security perspective, you need to analyze all of its parts one by one, and the communication between them as well. That requires an understanding of the iOS and Android native platforms, the JavaScript engine, and the connection between them: the Bridge.

Trusting the React Native platform and its components means that you understand and accept the potential security consequences.


Keep in mind that:

  1. Collaboration between backend and mobile app developers is key to producing secure mobile applications. The community around the React Native platform provides common modules for platform-specific features. They help React Native developers save precious time by avoiding writing native code.

    The downside is that the additional abstraction layer distances developers from the app's internals even further. When choosing React Native as the platform for a mobile application, you also need to accept the risk of delayed updates (compared to pure native apps) and increased MTTD/MTTR, and prepare a remediation strategy.

  2. The React Native platform is a third-party framework developed by Facebook. And who knows what Facebook code is inside the Bridge? So, adding the React Native framework means adding another party that has to be trusted as well.

  3. Even though React Native apps are associated with an adequate level of protection against XSS attacks, developers can still use potentially dangerous APIs in JavaScript code, like the eval() function.

  4. In addition to the React Native security specifics, OWASP MASVS and MSTG should be used as the foundation for appropriate security measures in apps.

  5. Continuous dependency scanning and patching is an essential step in a Secure SDLC and in the automated security testing of React Native apps. Many tools help automate the update process (e.g. Dependabot), but manual work always remains for modules that can't be updated easily.

So... what are the best practices for building a secure React Native app? @Julia Potapenko from @CossackLabs packed some working ideas into a new blog post here.
