React Native Security Question (.env)
Building an app using Expo + Supabase.
During the set up I created some envs.
Everything works, but what happens to the environment variables? Can an attacker access them from the mobile app?
In web dev it's simple, secret variables stay on the server. I don't understand what mobile does to address this issue, to me it just looks like the .env is bundled in the app, and the app is on the user's device therefore susceptible to attack?
Any help appreciated.
During the set up I created some envs.
Everything works, but what happens to the environment variables? Can an attacker access them from the mobile app?
In web dev it's simple, secret variables stay on the server. I don't understand what mobile does to address this issue, to me it just looks like the .env is bundled in the app, and the app is on the user's device therefore susceptible to attack?
Any help appreciated.
Similar Threads
Was this page helpful?
