Is it safe to use public API in mobile application?

Time: 12-07

I don't know if it's a stupid question, but there are lots of free public APIs in this github repository: https://github.com/public-apis/public-apis

Is it safe to make apps with such free APIs and publish them in play store, app store? What I mean is that maybe the person who created the API will make a mistake and send an image for adults against the rules. Or can they complain for copyright reasons? I mean, I don't question the reliability of APIs of huge companies like Riot games. I'm mostly wondering if it's okay to use APIs from indie developers?

I've heard that many people's Play Console and Apple developer accounts have been closed. I was wondering if using a public API can cause our developer account to be terminated due to a mistake or complaint. Or should we not use free public APIs just in case?

CodePudding user response:

No, it is not safe to do so. You're trusting that some random code written by some random person works as expected, is secure, is well written, and isn't malicious. Would you trust your safety and security on that? If I handed you a file and told you "trust me, it isn't a keylogger, run it on your computer", would you do that?

Heck, look at major scandals of the past few years like leftpad (when a developer deleted a very commonly used library from github and caused everyone who used it to stop compiling). Or there was an instance where someone inserted a Christmas-time Easter egg a few years back and websites started snowing. You can't just trust them.

I'm not saying that you can't use any github library. But be smart about it. You should only consider it under 3 conditions:

  1. It's from a source you trust. Google probably isn't going to purposefully put a trojan in their code. Similar for other large orgs.

  2. It's a well known, highly used library. Of course even this isn't perfect. People have managed to slip exploits into open source before.

  3. You've security audited the exact version of the library you plan to use.

If it passes one of these 3, it's probably ok. But if it doesn't, you shouldn't touch it with a 10 foot pole.
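Whatever you decide about the API's author, the app still has to treat whatever that API returns as untrusted input: the question above worries about an indie API sending content it shouldn't, and the answer's point is that you cannot rely on the other end behaving. The validator below is an added example, not code from the thread or from any API in that repository; it assumes a constructed JSON shape (`title`, `image_url`), a constructed image-host allowlist and a size cap, and shows the checks a client would run before showing anything to the user.

```python
"""Defensive handling of a third-party (untrusted) API response.

Added example, not from the original thread. The field names, the
allowed image host and the size limit are constructed for illustration.
"""
import json
from urllib.parse import urlparse

MAX_BODY_BYTES = 64 * 1024                          # refuse oversized bodies
ALLOWED_IMAGE_HOSTS = {"images.example-api.test"}   # constructed allowlist
EXPECTED_FIELDS = {"title": str, "image_url": str}  # exact schema we accept


class UntrustedResponse(Exception):
    """Raised when the third-party response fails validation."""


def validate_api_response(content_type: str, body: bytes) -> dict:
    """Validate and narrow an API response before the app uses it.

    The remote API is outside our control, so its output is checked like
    any other untrusted input: declared type, size, exact schema (no extra
    fields), and image URLs only from hosts we have chosen to trust.
    """
    if content_type.split(";")[0].strip().lower() != "application/json":
        raise UntrustedResponse(f"unexpected content type: {content_type!r}")
    if len(body) > MAX_BODY_BYTES:
        raise UntrustedResponse("response body too large")
    try:
        data = json.loads(body)
    except ValueError as exc:
        raise UntrustedResponse("malformed JSON") from exc
    if not isinstance(data, dict) or set(data) != set(EXPECTED_FIELDS):
        raise UntrustedResponse("schema mismatch")
    for field, typ in EXPECTED_FIELDS.items():
        if not isinstance(data[field], typ):
            raise UntrustedResponse(f"field {field!r} has wrong type")
    url = urlparse(data["image_url"])
    if url.scheme != "https" or url.hostname not in ALLOWED_IMAGE_HOSTS:
        raise UntrustedResponse("image URL outside allowlist")
    # Cap the title so a buggy or hostile API cannot flood the UI.
    return {"title": data["title"][:120], "image_url": data["image_url"]}


def is_acceptable(content_type: str, body: bytes) -> bool:
    """Convenience wrapper: True only if the response passes every check."""
    try:
        validate_api_response(content_type, body)
        return True
    except UntrustedResponse:
        return False
```

A rejected response should be logged and replaced with a safe fallback in the UI, never rendered as-is.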
