Private Expo App

Is there a way to make your project private, so only people that have installed your standalone app can get the source code from OTA.
I know what I could host my javascript files on my own server, but they are not secured by any kind of authentication so theoretically everyone, who has the url to the source files could get your source code.
And my client (comercial company) doesn’t want that anybody who has the expo client could use my app.

SDK: v33
Platforms: IOS, Android:

Hey @kavofa,

Any application that uses JavaScript exposes a minified version of their source code to the client. This isn’t specific to Expo. When the code is minified, it becomes almost unreadable but if someone has the time, will and patience they could hypothetically un-obfuscate the code. For this reason, you never want to store any API keys, credentials, etc in your client code.

Cheers,
Adam

Thanks @adamjnav,
Is there any way to make your project really private on expo so that nobody can just open your project?
I know you can make your app unlisted, but I don’t mean that. I want the app to be just downloadable through the app stores.
I really want to keep using expo with all its great functionality.

Cheers.

In your app.json…under expo add:

`"privacy": "unlisted"`

https://docs.expo.io/versions/latest/workflow/configuration/#privacy

I believe that ejecting is option for you. That way no runtime js update will happen from CDN and js file will only exists in that app bundle (where is still easily available if you have the bundle).

OR

Disable OTA update and after building a new version of app, build and empty project with the same id so there is not your code on the CDN.

Disabling Updates

It is possible to entirely disable OTA JavaScript updates in a standalone app, by setting updates.enabled to false in app.json. This will ignore all code paths that fetch app bundles from Expo’s servers. In this case, all updates to your app will need to be routed through the iOS App Store and/or Google Play Store.

1 Like