I am curious, if I publish my app as a responsive web app, can someone use webpage developer tools to view the apps code/data? I am making a dispatching app for my job and need it to be secure. I’m just curious what sort of “security” our apps really have.
1 Like
What specifically are you trying to protect? The code itself, or API keys/secrets within the code?
2 Likes
Both I suppose, though the code itself isnt as big and issue.
Rule #1 - don’t take internet security advice from unvetted random strangers.
With that said…
Only a member of the Thunkable staff can really tell you about what level of encryption/obfuscation they’re using.
But YOU have the ability to control what data the app has. If you require the user to authenticate with Firebase, and then you write wise Firebase rules that restrict what data that authenticated user can access, you’ll have taken a pretty good step towards only letting the user access their own data. Think carefully about what bins your data go into and which bins each user can read and write. Don’t give a user more permissions than they need to have, even if you don’t provide the ability to change something in the app, don’t provide it period.
If you have sensitive data, your app should /not/ slurp all of it and then decide what parts the user is allowed to see.
This is likely a good place to start: Firebase Security Rules
5 Likes