I am creating a React Native mobile application using Expo. This app simply renders information - there is no data collection or entry, no user accounts, no database (other than JSON storage). There is not a single input box in the entire app; it is simply an information portal. The app does, however, link directly to outside web addresses using Linking.openURL(<some URL>).

Are there any security concerns with this type of app that I should be aware of?

Sir Muffington
  • Domain hijacking, DNS poisoning/hijacking would be one of the issues that would affect you if you were to host it on the World Wild Web. – Sir Muffington Jul 13 '22 at 19:51
  • I would recommend opening the links in the external web browser if the pages don't belong to content you would consider as part of your app. – Robert Jul 14 '22 at 07:15

1 Answer

The risks on the application level are limited in this case, but let me expand upon the risks I would identify.

Infrastructure

Any servers/systems hosting and serving the application may be vulnerable and should be properly configured and regularly updated.

DNS

Make sure the domain name is signed with DNSSEC to prevent poisoning attacks. Configure SPF, DKIM and DMARC to prevent e-mail spoofing. This is also relevant if your domain is not used for e-mail at all (see this). CAA records can be configured for additional security.

Application

Make sure the domain is served via HTTPS and that you have security headers like HSTS, Content-Security-Policy, Referrer-Policy, X-Frame-Options and X-Content-Type-Options configured.

The external domains you are linking to could of course in theory expire and be registered by others, so you might want to regularly check if they are still valid.

Wouter
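The header checks listed under "Application" in the answer above, written as an audit function. This is an added example, not part of the original answer; the function name, the one-year HSTS threshold and the sample header sets are assumptions made for illustration.

```javascript
// Added example: names, threshold and sample headers are assumptions.
const MIN_HSTS_SECONDS = 31536000; // assumed policy: at least one year

function auditSecurityHeaders(url, rawHeaders) {
  const findings = [];
  const h = {}; // header names are case-insensitive: normalise first
  for (const [k, v] of Object.entries(rawHeaders)) h[k.toLowerCase()] = String(v).trim();

  if (new URL(url).protocol !== 'https:') findings.push('not served over HTTPS');

  const hsts = h['strict-transport-security'];
  const maxAge = /max-age\s*=\s*"?(\d+)/i.exec(hsts || '');
  if (!hsts) findings.push('missing Strict-Transport-Security');
  else if (!maxAge) findings.push('HSTS has no max-age');
  else if (Number(maxAge[1]) < MIN_HSTS_SECONDS) findings.push('HSTS max-age under one year');

  const csp = h['content-security-policy'] || '';
  if (!csp) findings.push('missing Content-Security-Policy');

  // Framing is covered by X-Frame-Options or by CSP frame-ancestors.
  const xfo = (h['x-frame-options'] || '').toUpperCase();
  const frameAncestors = /(^|;)\s*frame-ancestors\s/i.test(csp);
  if (!['DENY', 'SAMEORIGIN'].includes(xfo) && !frameAncestors) findings.push('no framing protection');

  if ((h['x-content-type-options'] || '').toLowerCase() !== 'nosniff')
    findings.push('X-Content-Type-Options is not nosniff');

  const rp = (h['referrer-policy'] || '').toLowerCase();
  if (!rp) findings.push('missing Referrer-Policy');
  else if (rp === 'unsafe-url') findings.push('Referrer-Policy unsafe-url sends full URLs cross-origin');

  return findings;
}

// Constructed sample responses, not captured from any real site.
const WEAK = { 'Strict-Transport-Security': 'max-age=300', 'X-Frame-Options': 'ALLOWALL' };
const HARDENED = {
  'strict-transport-security': 'max-age=63072000; includeSubDomains',
  'content-security-policy': "default-src 'self'; frame-ancestors 'none'",
  'referrer-policy': 'strict-origin-when-cross-origin',
  'x-content-type-options': 'nosniff',
};

console.log(auditSecurityHeaders('http://app.example/', WEAK));
console.log(auditSecurityHeaders('https://app.example/', HARDENED));
```

To audit a live response in Node 18 or later, pass `Object.fromEntries((await fetch(url)).headers)` as the second argument.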