RE: Cordova Mobile Apps: Signed Builds and Env File

@s-molinari Yes, I agree, backend API and client’s app should be separated, thanks for sharing your thoughts!

@metalsadman Noted, it means local storage is still the best choice in this case, thank you!

My backend API is constructed, I wonder if you can share your thoughts on my queries - https://forum.quasar-framework.org/topic/8081/cordova-mobile-apps-signed-builds-and-env-file , is it advised to break the app into two parts (backend API and frontend Cordova app) or is it fine to include both into a Cordova’s signed build? My concern is the .env file (with backend/db credentials).

Thanking you in advance!

@metalsadman Sorry, just want to confirm that whether JWT cookies are applicable for Cordova mobile apps.

@metalsadman Noted with thanks!

@s-molinari Thanks for sharing your view!

@metalsadman Thanks for the light!

If both backend (with .env file) and frontend files are bundled into a Cordova’s mobile app build, will there still be a risk of malicious attempt to unzip the build and obtain the .env file? If yes, are there any protective measures on this?

Secondly, what does the ‘DO encrypt all data at rest’ mean in the above context?

Thanking you in advance!

@s-molinari Thanks Scott!

One of the reasons of sticking to Quasar Framework is the efforts of the team paying great attention to security, thank you!

In regard to the usage of JWE - https://quasar.dev/security/dos-and-donts#web, I wonder if you have a code sample on the application of JWE and with Quasar boot file?

After researching on this topic a couple of days, it seems the usage of JWT cookies is safer than local storage but is cookies applicable for Cordova mobile (Android/iOS) apps?