is SSL pinning requirement a NO GO for using Expo (Managed)?

  1. SDK Version: 47
  2. Platforms(Android/iOS/web/all): all

Hi there, if a greenfield project we are starting needs SSL pinning should we RULE OUT Expo (Managed)?

SSL pinning | Voters | Expo (obviously we need this for iOS and Android only)

I found this workaround → android - How to add network_security_config.xml to manifest in expo app without ejecting - Stack Overflow


You should be able to do it, as long as you can write or find a config plugin to make the changes that need to be made to the native projects.

The approach I would use is something like this:

  • Figure out what you would need to do in a plain React Native app
  • Create a new Expo app, install an SSL pinning library (e.g. react-native-ssl-pidding) and run npx expo prebuild to generate the native Android and iOS projects
  • Make the changes manually. Commit these changes to Git
  • Then figure out how to write a config plugin to make the same changes
  • Run npx expo prebuild --clean to regenerate the native projects with the config plugin’s changes applied
  • Use git diff to check for differences between the manual changes and the changes made by the config plugin

After you have the config plugin working in the above app, you can copy it to your real app. No need to run npx expo prebuild in the real app. It is run automatically on the server during the build process.

When writing the config plugin, try as far as possible to avoid “dangerous” mods. Also, check the expo/expo, expo/expo-cli, expo/config-plugins repositories for examples.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.