Proguard: Is it possible? Is it necessary?


Is it possible to use something like Proguard to protect your source when using Expo/React Native? Is it necessary, or is there any other obfuscation happening as it is?



We run proguard on the native code, but it doesn’t apply to the JS code.

There’s very little value in obfuscating your code from a security perspective. An Expo app, in general, is similar to a web application – the code is hosted remotely (not the raw source of course, but the compiled output), and thus can theoretically be viewed by anyone who wants to look at it.

Good security practices for Expo apps are very similar to good security practices for web apps, such as “don’t embed secrets in your source code”.


Ah, understood! I’ve encountered a story or two of developers who’s apps have been reverse engineered and re-released, but it’s probably an unlikely event.


Yah, definitely unlikely. And if that does happen, there are other avenues to protect yourself most likely through legal means.

Fact of the matter is that most apps could be be reverse-engineered given enough time and effort, Proguard or not.