How to safely outsource flutter programming? (data security, passwords etc)

Hello,

I have coded a basic Flutter app, but it took me far longer than I can justify from a purely business perspective. I have experimented with using a programmer in India for a test app and I am very happy with the quality and price. Please can you tell me how to go about hiring a programmer safely for a commercial application (i.e. keep the data safe and stop the app accounts being stolen). My concerns are:

  1. MySQL backend database: I can create a read-only user so the risk is limited. However, all the email addresses of customers would be visible; is that not risky? Even if I encrypt the email addresses, the programmer can see the secret key and decode?

  2. In the Flutter file or when uploading to istore/Google store, it rings a bell there are secret keys or passwords needed? How do I go about keeping these secure but allowing the programmer to do their job? (I have read stories about apps / app accounts being stolen)

Many thanks for any pointers!

MDYY

Hi,

First of all, I would never work with a developer who I don’t trust. But besides that, there are several ways you can tackle this problem.

  1. Use a separate staging and production database and only let your developers access the staging one.
  2. Use a service like Codemagic to build and deploy your app to the app store. This way your keys are saved inside Codemagic and a new release gets automatically created by creating a tag in GitHub or a merge into a specific release branch.
  3. Generally, if you hire developers that can access your backend, you should make sure you can trust them.

I hope this helps.

1 Like

IMHO the best way is to have a separate environment that your developer can access and have full privileges in, so that they don’t need to be monitored.

They can work on a separate flavor of the app that uses a different bundle id, Firebase project, secrets etc. This way you won’t have to expose your Android signing key. A separate flavor also allows you to create a separate iOS app that doesn’t actually get published to the store but is forever in draft state.

Anytime you use any service - either database, monitoring, or authentication - make sure to create a staging/test environment. Most of the modern SaaS platforms allow you to keep these projects separate and create test-only access keys.

1 Like
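The following is an added example and not part of any post in this thread. It shows one way to fill the staging database the replies recommend without copying real customer emails into it. Each address is replaced by a keyed one-way hash computed on the owner's side, so the key question 1 worries about never has to be shared. The table layout, column names and sample rows are constructed assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed sample rows standing in for a production `customers` table
# (table and column names are assumptions, not taken from the thread).
PRODUCTION_ROWS = [
    {"id": 1, "email": "Alice.Smith@example.com", "plan": "pro"},
    {"id": 2, "email": "bob@example.org", "plan": "free"},
    {"id": 3, "email": "alice.smith@example.com ", "plan": "free"},  # same address, other case/space
]


def pseudonymise_email(email: str, key: bytes) -> str:
    """Map a real address to a stable fake one with a keyed one-way hash.

    HMAC cannot be reversed, and without `key` a guessed address cannot be
    confirmed either, so the key stays with the owner and never travels
    with the staging data.
    """
    normalised = email.strip().lower().encode("utf-8")
    digest = hmac.new(key, normalised, hashlib.sha256).hexdigest()
    # .invalid is a reserved TLD (RFC 2606): mail sent from staging goes nowhere.
    return f"user-{digest[:16]}@staging.invalid"


def build_staging_rows(rows, key: bytes):
    """Copy rows for the staging database, replacing only the email column."""
    return [{**row, "email": pseudonymise_email(row["email"], key)} for row in rows]


def leaked_emails(original_rows, staging_rows):
    """Return any real address that still appears anywhere in the staging rows."""
    real = {r["email"].strip().lower() for r in original_rows}
    seen = {str(v).strip().lower() for row in staging_rows for v in row.values()}
    return sorted(real & seen)


if __name__ == "__main__":
    owner_key = secrets.token_bytes(32)  # generated and kept on the owner's machine
    staging = build_staging_rows(PRODUCTION_ROWS, owner_key)
    assert leaked_emails(PRODUCTION_ROWS, staging) == []  # fail before export, not after
    for row in staging:
        print(row)
```

Because the mapping is deterministic per key, the same customer always gets the same fake address, so unique constraints and login-by-email flows still behave in staging as they do in production.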