Hosting your App on private Github Repo

Could you host your App on a private Github repository or on a server with authentication?
So you would pass your App the credentials (like for http basic auth) and then the App would fetch the code via OTA with the provided credentials.

If you can embed the auth in in the URL, it seems like in theory you can do this using the “hosting your own” (https://docs.expo.io/versions/latest/distribution/hosting-your-app/) instructions. If this is to make it less likely someone can obtain your (minified, uplifted) source code, I’d stress that this doesn’t offer really any additional protection. The code will be downloaded to the device, so it can be obtained that way, and the username and password would have to be hardcoded into the app. You definitely wouldn’t want to put the bundle in the same Github repo as your source code- that would make it way easier for an attacker to obtain your non-minified source code. Github also really isn’t intended to host apps so such traffic may trigger some red alarms on their side.

1 Like