Legal Questions regarding Expo

Hello Expo Team I have some legal concerns regarding Expo.

I have an App with a Server File wich is hosted in our company Network, and an App where my Frontend lives - this one is hosted on the Expo Servers.

I really enjoy Expo and expecially the OTA Update function. Now the questions I have.

  1. Wich company is behind Expo? (Need to know this for my Boss)
  2. If I have the App as unlisted can users view the Code / or can they open it up somehow?
  3. Is it possible for Expo Employees to view my App code and for example Use it or modify the App code?

Thanks in advance Faded.

Any Information from the Expo Team please?

Hi! The company behind Expo is Expo :smile:

With any app (expo, react native, even native iOS and android apps), it’s possible for users to view your binary files and thus your source code (so if you have something particularly secret, you should keep that on your servers)

Expo employees will never modify your app code (the only people that can modify your app must have the appropriate permissions, meaning either the account owner of the app, or any teammates you may have granted permission if you’re using Developer Services)

Okay thanks for the response.

Could you explain a little bit more on how users can view my binary files? My Project is unlisted so it should not be accesible to any User except of me?

I mean that anyone can inspect the APK files that are downloaded from the stores, this is a totally separate topic from Expo

Well I get that but my App wont ever be available on any Store… So I am right that Expo users cant view my app if it is unlisted, right?

In order for OTA updates to work, we (or you, if you want to self host) need to host your app manifest and minified JS bundle at some publicly available URL. You can opt-in to making this url unlisted, meaning it won’t come up in search results, but if someone has the exact URL then they can still reach it.

This usually doesn’t matter since when you distribute any application, your users technically will have access to your sourcecode. But if you don’t plan on distributing your app, then I guess you could disable OTA updates, build your app, then after building, temporarily delete all your JS code and run expo publish again to overwrite the code we are hosting for you so that the code at that URL is essentially blank

3 Likes

Ok thanks for the clarification!

This topic was automatically closed 20 days after the last reply. New replies are no longer allowed.