New Mobile Developer Seeking Guidance on React Native Security for Banking Apps
Hi everyone,
I’m a new mobile developer and have recently transitioned from web development to working on a banking application using React Native. Since this is my first experience in mobile development, I'm eager to learn about the best security practices to protect sensitive user data effectively.
Given the highly sensitive nature of the information involved, I want to ensure that our application is secure and compliant with applicable regulations. Here are a few questions I have:
What are the essential security measures you recommend for React Native banking applications? I’ve heard about practices like SSL pinning and secure storage options, but I’m looking for comprehensive strategies.
How should I tackle the storage of sensitive user data? I understand that AsyncStorage might not be the best choice for this. What alternatives have you found to be effective?
Have any of you implemented security monitoring solutions or runtime application self-protection (RASP)? If so, how did it affect your development process and user experience?
What tools or methods do you use to assess the security of third-party libraries? I'm aware that introducing insecure dependencies can lead to vulnerabilities.
Are there any compliance issues (like GDPR or other regulations) that I should be concerned about while developing this app?
As a newcomer to mobile development, I really appreciate your insights and advice! Thank you for your help.
Is React Native is better than the Flutter in security or vice-versa?
Any information is would really help me for the best security practices,
If I use native code than I can add that on in RN??
2 Replies
I don't have any actionable advice for you, but just want to point out that writing a banking app as your first mobile app is a wild concept. Writing secure code isn't just a question of checking boxes, you need to be intimately familiar with the ins and outs of both the platform you're writing for and the tools you're using.
you are not ready for a banking app
i though for a few hours on how to tell you this nicely, but, you are going way over your capabilities
and quite honestly, it is above mine too
i would have to study the requirements of your country for data handling and storage
at a bare minimum, i would assume the app uses a strong encryption for this
or just dont store any data locally, and everything is ephemeral and gone after you close the app