Based on the comment above by wkozyra, if it’s private the only difference is it won’t show up on your profile
For private meaning
unlisted that it’s correct, for
hidden it’s not, but regardless of that I’m not really sure why it changes anything, the only thing that is “private” in that case is a website page, an actual endpoint for OTA updates is still public (because it has to be for any device to download updates) and on that endpoint, you can access the same info that website would display.
Self-hosting your js bundle also does not change much, because any user that can install your app can just unzip apk or ipa and get access to that code. This is not anything specific to expo, the same problem exists for react-native or native Android/iOS apps (although it’s harder to do with native code than with js) or any client-side application.
The only case where the above does not apply is when you consider all devices it will be installed on as “trusted”. In that case if you want to have true private app you would need to:
- use turtle-cli instead of cloud builds http://github.com/expo/turtle-cli
- self-host on localhost on the machine or CI job where you run turtle-cli build
- disable OTA updates
but by choosing this approach you are losing a lot of benefits that Expo provides