Please provide the following:
- SDK Version: 38
- Platforms(Android/iOS/web/all): all
I was wondering what options there are to secure the
Either using Expo’s CDN or
expo export and my own CDN results in the JS code being publicly accessible (you’d have to find it first of course), and there does not seem to be a signing or integrity checking mechanism for the update payload.
So if an attacker either gets access to the CDN location, by credentials compromise, dns MITM, ect. the security model of mobile apps is broken.
Apple and Android stores require signed binary apps to ensure they cannot (easily) be tampered with and enforce control over distribution of the app from dev to user device.
Responsibility of securing the signing keys is responsibility of Apple/Android, upload keys need to be secured by developer.
expo-updates, though very practically useful, seems to bypass / break this model.
If the above is a correct conclusion, I think a statement should be included in documentation to make this a deliberate choice of the dev.