development in a highly regulated sector

Please provide the following:

  1. SDK Version: latest
  2. Platforms(Android/iOS/web/all): all
  3. Add the appropriate “Tag” based on what Expo library you have a question on.

I’m currently investigating the best way to develop react-native apps and all the signs point to expo. The only issue is that I work in the financial sector, we’re heavily regulated, behind a corporate proxy, with very strict compliance and cyber standards.
I’m after information about what expo can do to allay anxiety about developing apps using expo under these constraints. Specifically around where code gets compiled, what infra-structure gets used to build it, is any of the data open to be spied on during development? Is it stored after building, if so, how long for?
I’m sure there must be others out there in the same boat.
thanks for any help, suggestions, advice.

I tried to do this I can’t get it to fully prevent EAS / Expo from calling home.

Why do I still need to be logged into expo for EAS local build if I have the credentials.json already - Expo Application Services (EAS) - Forums

I do run the builds locally so at least it uses proxied repositories. The final bit of delivering to Apple/Google is managed by another build stage with separate credentials.

Push notifications do not need Expo either, but you’d be responsible to set up the communication channel to Google FCM or Apple Push Notifications. It’s not too difficult from what I can tell, just didn’t make the time to migrate away yet.

I also explicitly disable the “updates” functionality and rely on a proper upload per version to the app store (it may mean the updates are bigger because it’s a full app, but it’s under my control). Note you’re still forced to have expo-updates turned on if you want to prototype using Expo Go from what I can tell (or at least it nags me everytime I try to do expo publish).

However, there does not appear to be any way to fully decouple yourself from using Expo’s systems.

1 Like