In today’s digitally driven world, React Native Apps have become indispensable components of our everyday routines. From banking to socializing, we entrust our smartphones with sensitive information, making mobile security a top priority for developers and users. React Native, a popular framework for building cross-platform mobile apps offers a powerful and flexible environment. However, ensuring the security of React Native Apps requires a proactive and comprehensive approach.
1. Code Obfuscation
Code obfuscation involves altering an executable to render it unusable to hackers while maintaining its full functionality. This alteration may involve changing method instructions or metadata without affecting the program’s output. The primary aim of code obfuscation is to thwart unauthorized access to an application’s logic, thereby hindering data extraction, code tampering, vulnerability exploitation, and other malicious activities by unauthorized parties. So below I’m giving examples of the original code and Obfuscated code both are there.
// Original React Native component code
import React from 'react';
import { View, Text, StyleSheet } from 'react-native';
export default function MyComponent() {
const calculateTotal = (price, quantity) => {
return price * quantity;
};
return (
<View style={styles.container}>
<Text>Total: {calculateTotal(10, 5)}</Text>
</View>
);
}
const styles = StyleSheet.create({
container: {
flex: 1,
justifyContent: 'center',
alignItems: 'center',
},
});// Obfuscated React Native component code
import React from 'react';
import { View, Text, StyleSheet } from 'react-native';
export default function A() {
const b = (c, d) => {
return c * d;
};
return (
<View style={styles.container}>
<Text>Total: {b(10, 5)}</Text>
</View>
);
}
const styles = StyleSheet.create({
container: {
flex: 1,
justifyContent: 'center',
alignItems: 'center',
},
});To obfuscate the React Native code you can use React Native Obfuscating Transformer package and follow the instructions given below:
yarn add react-native-obfuscating-transformer --dev
//In metro.config.js
module.exports = {
+ transformer: {
+ babelTransformerPath: require.resolve("./transformer")
+ },
}If you have multiple configurations related to transformation you can follow code as well.
const {getDefaultConfig, mergeConfig} = require('metro-config');
module.exports = (async () => {
const {
resolver: {sourceExts, assetExts},
} = await getDefaultConfig();
let config1 = {
transformer: {
getTransformOptions: async () => ({
transform: {
experimentalImportSupport: false,
inlineRequires: false,
},
}),
babelTransformerPath: require.resolve('react-native-svg-transformer'),
},
resolver: {
assetExts: assetExts.filter(ext => ext !== 'svg'),
sourceExts: [...sourceExts, 'svg'],
},
};
let config2 = {
transformer: {
getTransformOptions: async () => ({
transform: {
experimentalImportSupport: false,
inlineRequires: false,
},
}),
getTransformModulePath: () => {
return require.resolve('./transformer');
},
},
};
return mergeConfig(config1, config2);
})();2. Secured Storage & Security
One of the primary concerns in mobile security is how an application stores sensitive data. React Native apps should employ secure storage mechanisms, such as encryption, to protect user credentials, payment information, and other sensitive data.
We can store keys related to applications like API keys, social login keys, payment related keys in env files (.env). Utilizing libraries like React Native Keychain can help securely store sensitive information on the device like user-related tokens, Keys, and other information. You can check the example below.
import * as Keychain from 'react-native-keychain';
async () => {
const username = 'zuck';
const password = 'poniesRgr8';
// Store the credentials
await Keychain.setGenericPassword(username, password);
try {
// Retrieve the credentials
const credentials = await Keychain.getGenericPassword();
if (credentials) {
console.log(
'Credentials successfully loaded for user ' + credentials.username
);
} else {
console.log('No credentials stored');
}
} catch (error) {
console.log("Keychain couldn't be accessed!", error);
}
await Keychain.resetGenericPassword();
};3. Regular Updates
In react native we are using many custom libraries, and packages to get basic and extra features. So we have to keep up to date with all libraries to the latest version.
While installing or adding new dependencies we have to check if it’s properly maintained or not, whether it has good stars or not. How many issues are related to that library open and closed. Because if you use the wrong SDK your app may not work properly after some time. If you want more information about developed libraries you can use the Snyk tool to check the health of your application and libraries. You can login or sign up for this tool and get the analysis of the packages and app.
You may need to update some libraries and your code after analysis. But after that, you need to verify your whole app again because the updated library may contain some different configuration than the older one.
4. Error Handling
We can handle the errors using the catch block of the try-catch statement or Promise’s catch block.
HTTPService.getRequest(baseUrl)
.then(response => {
dispatch(requestCompleted());
if (response?.status_code === StatusCode.SUCCESS) {
let data = response?.data[0];
dispatch(getNotificationListSuccess(data));
}
})
.catch(error => {
// show toast error message
dispatch(requestCompleted());
});In React Native Apps, when calling the GET API for a particular feature, the response is generated based on success. However, in the catch block, it’s crucial to handle API failure by displaying only generic information to the user. Revealing additional details could potentially expose sensitive information to attackers, posing a risk to the app’s security and integrity. Therefore, it’s imperative to limit the information shown in error messages to prevent potential exploitation.
5. Penetration Testing
In React Native Apps, employing testing methods is essential to prevent cyber attacks and identify potential vulnerabilities. These methods involve checking for common vulnerabilities such as insecure data storage, insecure network connections, code injection, insecure authentication, insecure validations, and more. To mitigate these vulnerabilities, proper planning is crucial for testing the mobile app, focusing particularly on areas where attackers might exploit weaknesses.
Testers play a vital role in identifying and reporting issues generated through vulnerabilities promptly. This allows developers to address them efficiently and at an early stage. Additionally, testers can conduct thorough regression testing on applications to continuously enhance their resilience against cyber attacks.
6. JailBroken
When we are developing an app we need to check if the device is rooted, jailbroken, or not. If yes we need to handle it because that device has low security which can increase the security concerns for our app which can be helpful to create different types of vulnerabilities and cyber attacks. So we can use jail-monkey SDK to check if the device is rooted or jailbroken or not.
import JailMonkey from 'jail-monkey'
if (JailMonkey.isJailBroken()) {
// Show Popup or Exit the user from the app to use the app if the device is rooted or jailbroken.
}
In this article, I have outlined some steps to enhance security in your React Native Apps. When developing applications that handle sensitive data such as financial information or medical records, it’s imperative to prioritize their protection. Keeping React Native Apps updated with the latest security measures is essential to safeguard against cyber attacks and maintain the integrity of the data.
!! Enjoy, Keep, and Do Delicious Coding !!🙂🙂
Launch Faster with Low Cost: Master GTM with Pre-built Solutions in Our Webinar!
Register Today!
I collaborated with Mindbowser for several years on a complex SaaS platform project. They took over a partially completed project and successfully transformed it into a fully functional and robust platform. Throughout the entire process, the quality of their work...
President, E.B. Carlson
Mindbowser and team are professional, talented and very responsive. They got us through a challenging situation with our IOT product successfully. They will be our go to dev team going forward.
Founder, Cascada
Amazing team to work with. Very responsive and very skilled in both front and backend engineering. Looking forward to our next project together.
Co-Founder, Emerge
The team is great to work with. Very professional, on task, and efficient.
Founder, PeriopMD
I can not express enough how pleased we are with the whole team. From the first call and meeting, they took our vision and ran with it. Communication was easy and everyone was flexible to our schedule. I’m excited to...
Founder, Seeke
Mindbowser has truly been foundational in my journey from concept to design and onto that final launch phase.
CEO, KickSnap
We had very close go live timeline and MindBowser team got us live a month before.
CEO, BuyNow WorldWide
If you want a team of great developers, I recommend them for the next project. Â
Founder, Teach Reach
Mindbowser built both iOS and Android apps for Mindworks, that have stood the test of time. 5 years later they still function quite beautifully. Their team always met their objectives and I'm very happy with the end result. Thank you!
Founder, Mindworks
Our CISO was extremely impressed by Mindbowser’s work. It is pretty rare to see this kind of clean security report so early in the company’s journey. Huge Thank you for the disciplined approach here.
Founder, TrestleIQ
Mindbowser has delivered a much better quality product than our previous tech vendors. Our product is stable and passed Well Architected Framework Review from AWS.
CEO, PurpleAnt
The flexibility and capacity of the Mindbower staff has been impressive.
CEO, ProofPilot
I am happy to share that we got USD 10k in cloud credits courtesy of our friends at Mindbowser. Thank you Pravin and Ayush, this means a lot to us.
CTO, Shortlist
Mindbowser is one of the reasons that our app is successful. These guys have been a great team.
Founder & CEO, MangoMirror
Kudos for all your hard work and diligence on the Telehealth platform project. You made it possible.
CEO, ThriveHealth
Mindbowser helped us build an awesome iOS app to bring balance to people’s lives.
CEO, SMILINGMIND
They were a very responsive team! Extremely easy to communicate and work with!
Founder & CEO, TotTech
We’ve had very little-to-no hiccups at all—it’s been a really pleasurable experience.
Co-Founder, TEAM8s
Mindbowser was very helpful with explaining the development process and started quickly on the project.
Executive Director of Product Development, Innovation Lab
The greatest benefit we got from Mindbowser is the expertise. Their team has developed apps in all different industries with all types of social proofs.
Co-Founder, Vesica
Mindbowser is professional, efficient and thorough.Â
Consultant, XPRIZE
Very committed, they create beautiful apps and are very benevolent. They have brilliant Ideas.
Founder, S.T.A.R.S of Wellness
MindBowser was great; they listened to us a lot and helped us hone in on the actual idea of the app. They had put together fantastic wireframes for us.
Co-Founder, Flat Earth
Ayush was responsive and paired me with the best team member possible, to complete my complex vision and project. Could not be happier.
Founder, Child Life On Call
As a founder of a budding start-up, it has been a great experience working with Mindbower Inc under Ayush's leadership for our online digital platform design and development activity.
Founder, Courtyardly
The team from Mindbowser stayed on task, asked the right questions, and completed the required tasks in a timely fashion! Strong work team!
CEO, SDOH2Health LLC
Mindbowser was easy to work with and hit the ground running, immediately feeling like part of our team.
CEO, Stealth Startup
Mindbowser was an excellent partner in developing my fitness app. They were patient, attentive, & understood my business needs. The end product exceeded my expectations. Thrilled to share it globally.
Owner, Phalanx
Mindbowser's expertise in tech, process & mobile development made them our choice for our app. The team was dedicated to the process & delivered high-quality features on time. They also gave valuable industry advice. Highly recommend them for app development...
Co-Founder, Fox&Fork
