DEV Community: Volodymyr Kuiantsev The latest articles on DEV Community by Volodymyr Kuiantsev (@vladimir_kuiantsev_fe6ba4). https://dev.to/vladimir_kuiantsev_fe6ba4 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3220709%2F240e6365-01db-4499-a0bd-f863d84c8ffc.jpeg DEV Community: Volodymyr Kuiantsev https://dev.to/vladimir_kuiantsev_fe6ba4 en Mobile App Security Goes Native Volodymyr Kuiantsev Sat, 14 Jun 2025 08:39:37 +0000 https://dev.to/vladimir_kuiantsev_fe6ba4/mobile-app-security-goes-native-5aa5 https://dev.to/vladimir_kuiantsev_fe6ba4/mobile-app-security-goes-native-5aa5 <p>API keys used to be the go-to solution for securing mobile apps. But in 2025, that’s no longer good enough.</p> <p>Reverse engineering, emulators, and bot traffic are making mobile backends more vulnerable than ever. Hardcoded API keys can’t tell you who’s making a request—or whether the app has been tampered with. That’s where native mobile security steps in.</p> <h2> The Problem: API Keys Can’t Keep Up </h2> <p>Every time you ship an API key inside your app, you risk it being extracted, shared, or automated. Bots can simulate app behavior, spam your backend, and exploit free-tier resources.</p> <p>You can rotate keys. You can obfuscate code. But you can’t secure what you can’t verify. And API keys alone give you zero context.</p> <h2> A Better Path: Attestation as the First Gate </h2> <p>Android and iOS now support cryptographic attestation:</p> <ul> <li> <strong>Play Integrity API (Android)</strong> checks device and app integrity.</li> <li> <strong>App Attestation (iOS)</strong> uses a Secure Enclave key tied to your app.</li> </ul> <p>These tools help you prove each request comes from the genuine app on a real device—closing the door on emulators, clones, and jailbroken systems.</p> <h2> Smarter Token Issuance </h2> <p>Instead of relying on hardcoded secrets, more teams are issuing short-lived tokens (e.g., JWTs) only after attestation passes. This gives you:</p> <ul> <li>Trust at runtime—not just at build time</li> <li>The ability to flag low-integrity devices</li> <li>Protection against token reuse and API scraping</li> </ul> <h2> Why It Matters Now </h2> <p>As more apps adopt freemium models or expose APIs to third parties, the surface area for abuse grows. Native security features aren’t “nice to have” anymore—they’re critical infrastructure.</p> <p>In 2025, <strong>secure API access in mobile apps</strong> means embracing the verification tools built into the OS. It’s the only scalable way to <strong>implement your mobile-to-api security</strong> strategy with confidence.</p> <p><strong>P.S.</strong> If you’re looking for a backend that handles attestation and token issuance out of the box, check out <a href="https://calljmp.com" rel="noopener noreferrer">Calljmp</a>—it’s built for mobile-first apps.</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> </code></pre> </div> mobile reactnative flutter backend Automatic migration for SQLite schemas Volodymyr Kuiantsev Thu, 12 Jun 2025 08:18:16 +0000 https://dev.to/vladimir_kuiantsev_fe6ba4/automatic-migration-for-sqlite-schemas-36fl https://dev.to/vladimir_kuiantsev_fe6ba4/automatic-migration-for-sqlite-schemas-36fl <p>We have built automatic migration for SQLite schemas.</p> <p>You can define schema files of what you want your SQLite database to look like and the CLI will generate required migration files for you.</p> <p>It’s for BaaS but can be used for free no strings attached locally.</p> <p><a href="https://github.com/Calljmp/calljmp-cli" rel="noopener noreferrer">https://github.com/Calljmp/calljmp-cli</a></p> sqlite database cli opensource