Photo by Ferenc Almasi on Unsplash
React Native is a very popular framework for building cross platform apps. Apps are developed in Javascript, but with full support for inclusion of native iOS or Android libraries where that is necessary. You shouldn’t need to compromise on security though just because you are using a higher level framework rather than developing native apps. Our React Native Quickstart allows you to easily get up and running with Approov, whether you are building a new app or adapting an existing one to have an improved security posture.
The integration will automatically add special Approov tokens to your API calls that will prove to a backend API that the call is really coming from your official app, and not anything else trying to spoof requests. You control what versions of the app are valid, and also what characteristics of the runtime environment are allowed. Approov has advanced detections for debugging, rooted and jailbroken devices, and the presence of certain frameworks that might be tampering with your app. You can choose to block apps running on such devices from receiving valid tokens. What’s more, the detections can be automatically updated over the air. Approov also adds full support for certificate pinning that you can manage without having to push a new version to the app store or forcing an update.
The Approov SDK is provided as a native library, with versions available for iOS and Android. You just need to download the latest versions and include the react-native-approov module that we provide. Simply add this module into your project in the normal way using yarn.
We provide an open source Javascript layer that you include in your project which mediates access to the underlying Approov native modules. If you are using the default Fetch approach for making API calls then adding Approov is as simple as adding these two lines to your app:
import approovFetch from './ApproovFetchSupport';
this.fetch = approovFetch;
This imports our interceptor for fetching and then causes all fetches to delegate to it. The Approov token header is added and certificate pinning checks instituted, before passing on the request to the standard fetch implementation. We even have an Axios version too if that is your preferred networking approach. Please let us know if there is any other networking library that you would like to see supported out of the box like this in the future.