Securing a React Native Application from Vulnerability & Penetration Attacks

Main points to consider for security

  • Screenshot Prevention
  • Rooted/ Jailbroken Device Detection
  • SSL Pinning
  • Storage of Sensitive Data — API EndPoint / FB / Google / Firebase Keys
  • Local Storage
  • Deep Linking
  • Android Specific Security
  • iOS Specific Security
  • Authentication Methods
  • Data Encryption

1. Screenshot Prevention

// Android: in MainActivity's onCreate(), before setContentView(); FLAG_SECURE blocks screenshots and screen recording of this window
getWindow().setFlags(WindowManager.LayoutParams.FLAG_SECURE, WindowManager.LayoutParams.FLAG_SECURE);

2. Rooted/ Jailbroken Device Detection

import { Platform } from 'react-native';
import JailMonkey from 'jail-monkey';

// Then check inside componentDidMount
if (JailMonkey.isJailBroken()) {
  // Rooted or jailbroken device: show the modal asking the user to proceed or exit
  this.setState({
    show_proceed_modal: true
  });
}
if (Platform.OS === 'ios') {
  // checkIfFileExists is the component's own helper (not shown here)
  this.checkIfFileExists();
}
[Image: Modal]

3. SSL Pinning

  • Reduces the threat of a rogue or compromised Certificate Authority (CA)
  • Increases in-app data security and user privacy
  • Budget-friendly
  • Raises the resource cost for an attacker targeting the mobile app
  • Reduces exposure to eavesdropping and to malware on the user's device
  • Reports man-in-the-middle (MITM) attacks so they can be analysed
  • Pinning approaches: Public Key Pinning
  • Certificate Pinning
  • Subject Public Key Info (SPKI) Pinning

4. Storage of Sensitive Data — API EndPoint / FB / Google / Firebase Keys

5. Local Storage

6. Deep Linking

7. Android Specific Security (Protecting APK or app bundle)

// android/app/build.gradle: shrink and obfuscate release builds (R8/ProGuard)
buildTypes {
    release {
        minifyEnabled true
    }
}

8. iOS Specific Security

<!-- ios/<App>/Info.plist: NSAllowsArbitraryLoads = true disables App Transport Security for every host.
     Keep it false in release builds and list only the hosts that genuinely need an exception. -->
<key>NSAppTransportSecurity</key>
<dict>
  <key>NSAllowsArbitraryLoads</key>
  <true/>
  <key>NSExceptionDomains</key>
  <dict>
    <!-- Exception for the local development server only -->
    <key>localhost</key>
    <dict>
      <key>NSExceptionAllowsInsecureHTTPLoads</key>
      <true/>
    </dict>
  </dict>
</dict>

9. Authentication Methods

10. Data Encryption

Imdad Hussain