When expo apk is parsed, db tables appear in DatabaseHelper.java. Does this pose a security issue?

I have an application built with expo that contains only one webview package. A client decompiled the application apk. In the DatabaseHelper.java file, the table names of the SQLite database used in the local, etc. information is disclosed. Is this a vulnerability? I don’t think so because I’m not using db.

“expo-sqlite”: When I searched project “~8.1.0”, I saw this in node_modules > expo > package.json. It probably comes from here. Does he see them? Can I delete these? Or will deleting cause a problem? These are the things I’m wondering

  1. SDK Version: 39.0.0
  2. Platforms(Android/iOS/web/all): Android

when you build using classic build service (expo build:android) native code for all expo modules is always included that includes expo-sqlite package. Our new service (for now in preview) EAS Build can build apk/aab with only modules that you are using, but there if you are using OTA updates you need to make sure you are not sending update to app that does not have compatible native code.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.