保护 React Native 应用程序涉及保护数据(安全存储、加密传输)、安全处理机密和令牌、保护JavaScript 包,以及遵循移动安全最佳实践。安全很重要,因为应用程序处理敏感的用户数据。
数据和凭证安全
✓ SECURE STORAGE for sensitive data — react-native-keychain / expo-secure-store
(encrypted, keychain/keystore) — NOT AsyncStorage (which is NOT encrypted) for tokens/
credentials (a common mistake)
✓ HTTPS/TLS for all network traffic; certificate pinning for sensitive apps
✓ Don't HARDCODE secrets/API keys in the JS — the JS BUNDLE can be extracted/inspected
(anything in the app can be reverse-engineered) → keep real secrets on the SERVER
✓ Secure auth: OAuth, short-lived tokens, secure refresh; biometric auth where appropriate
