Data security improvements with the new architecture? #46
Replies: 1 comment 1 reply
-
|
hey @charliecruzan-stripe, to share some of my thought here. there's no true security. even in native apps, there're still some ways to hook api calls, e.g. through objc method swizzling. in react-native bridge, people may use to harden the stripe library for a reference, e.g., you could try to inherit a custom TextInput to encrypt the credit card numbers from native side and decrypt the messages until delivered to server side. |
Beta Was this translation helpful? Give feedback.
-
Yep, this was our plan! Just thought I'd ask here and see if there was a substantial security difference now. thanks @Kudo |
Beta Was this translation helpful? Give feedback.
-
Hi! Really excited about the new architecture. Think it'll be a huge step forward for React Native as a whole! We're looking to add support to Stripe's React Native SDK asap 🚀
Some questions I was hoping to get answered: in the original RN architecture, data was passed from JS to native via the bridge. These messages weren't secure, since the bridge's message queue can be easily read. It looks like with the new architecture, that is no longer the case, thanks to JSI?
Bc of the bridge's message queue being public in the original architecture, we couldn't pass protected data from JS to native via native method calls in a privacy-compliant way (due to the previously mentioned bridge exposure). Instead, native views would be mounted that collect the data directly themselves. I'm hoping that with this new architecture, the native method calls (and the associated parameters) are no longer exposed like they were with the bridge? Was just hoping I could get some confirmation on that :)
Beta Was this translation helpful? Give feedback.
All reactions