Elixir is a dynamic language, given that LiveView Native applications are built with it and shipped to the clients would the clients get access to all source code easily?
No, they can’t. Liveview Native is two parts. The Swift client (or android client in a latter stage) and the server.
Can they get the Swift code that is shipped to the client? Yes, in theory they can decode it by reverse engineer it (which you can do with any app). However, there isn’t much for them to find there compared to a “normal” swift app since it will mostly be boilerplate code for the client (which they can find on Liveview Natives Github).
Can they get the Elixir code on the server? Not unless you have any vulnerabilities in the code or on the server that gives them remote access (and then they can still only access the compiled BEAM files). But that can happen with any backend.
So in summary, Liveview Native is probably “more” secure against reverse engineering than a normal Swift app.
But wasn’t the server supposed to be deployed with the app? Something like an Electron app? Or it will be really a server over the network and by doing that there will be no offline access, right?
We haven’t yet tried but we’re speculating that we could build a Swift client shipped with a Phoenix LV server compiled into it. This would allow for offline mode, low connectivity mode. However, to the best of my knowledge the Phoenix app would still be compiled and you’d be talking about the same issue of having decompile any natively built app. Elixir doesn’t run as a script, you’d only be getting the binary.
It would be really if LVN could support offline maybe using a similar approach as elixir-desktop · GitHub. At least the part about bundling the ERTS, Elixir, and Phx/LV server into a runtime binary with local sqlite database installed on the mobile device. I was really impressed it actually worked great when I tested it on iOS!
I guess a lot of complexity would be if local data needs to be synchronized with a server when going back online? I haven’t researched it but maybe that’s a “solved problem” nowadays??
At work I’ve had early discussions about maybe writing a pretty simple internal mobile app which would have to stay reliable in offline network conditions and really don’t want to have to learn Swift or use RN. The small app would likely just take a couple days if I could use LVN!
It’s not about synchronization when we talk about offline apps. There are a lot of tools to manage that, however if you don’t have native bindings implemented, you are very limited in what you can do compared to classical native apps, this is the state that libraries like
elixir-desktop currently are.