Hey all, hope you enjoyed ETH Denver! In our last call we talked about having a repository of best practices for mobile developers. I want to get the conversation started with what my team has come across while building a few SDKs and user-facing mobile applications.
Managing data for a dApp is not your usual backend. Efficiently storing and syncing data is important.
- Maintaining a local index helps you retrieve new data only when the user requests it.
- Updating existing data in the background to look for new changes is always a must.
- Every request counts, don’t waste API calls for data you can retrieve once and store locally
- Don’t forget to get the transaction count before sending a new transaction; nonces can change really fast.
- Because of the asynchronous nature of blockchains, your error handling needs to be flexible enough to cover not only hard error cases, but lack of data for subsequent requests.
Mobile security is a different paradigm offering new solutions for common account security problems.
- Never store private keys in plain text, encrypt them with verified and tested encryption mechanisms
- Always empty out references in memory after signing transactions, so a memory dump does not expose the key.
- You don’t need wallet keys when reading data from the blockchain, only when sending out transactions
- Even if the private keys are encrypted, use a secure storage mechanism client side to store the encrypted data
- Submit all requests over secure protocols (HTTPS, etc.).
- Provide mechanisms to export/import keys securely, so clients can export their wallets to other applications, and back them up
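Putting the key-handling points above together, here is an added example (mine, not from the original post or any particular SDK) of a small key vault: the private key is sealed with AES-256-GCM under a key-encryption key that is assumed to come from the platform keystore, the stored blob is authenticated so tampering is detected, and the decrypted key is only ever exposed inside a scoped callback and zeroed afterwards. Read-only queries never touch it.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// newAEAD wraps kek (a 32-byte key-encryption key, assumed to be held in the platform keystore) as AES-256-GCM.
func newAEAD(kek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// SealPrivateKey encrypts a raw private key for storage as nonce||ciphertext||tag.
func SealPrivateKey(kek, priv []byte) ([]byte, error) {
	aead, err := newAEAD(kek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, priv, nil), nil
}
// OpenPrivateKey decrypts a sealed blob; any tampered byte fails GCM authentication.
func OpenPrivateKey(kek, blob []byte) ([]byte, error) {
	aead, err := newAEAD(kek)
	if err != nil {
		return nil, err
	}
	if len(blob) < aead.NonceSize() {
		return nil, errors.New("sealed key blob too short")
	}
	return aead.Open(nil, blob[:aead.NonceSize()], blob[aead.NonceSize():], nil)
}
// WithPrivateKey decrypts the key only while use (e.g. signing) runs and zeroes
// the plaintext before returning; read-only RPC queries never call this.
func WithPrivateKey(kek, blob []byte, use func(priv []byte) error) error {
	priv, err := OpenPrivateKey(kek, blob)
	if err != nil {
		return err
	}
	defer clear(priv) // overwrite decrypted key bytes (Go 1.21+ builtin)
	return use(priv)
}
```

The sealed blob is what goes into the secure storage API; export/import can ship the same blob plus a user-controlled passphrase-derived key instead of the keystore key.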
Thoughts on spinning up a repo so we can add more as we think of them, or as we go along on our building adventures?