Pitfalls of bypassing native development

Recently I watched a?Gleb Mikheev's?presentation about the universal web applications architecture, where he scoffed at the prehistoric belief that native applications should be developed only natively. His point was that in 2023 native development is not a must.?

Let's figure out how to build a mobile application besides an existing web application. We hire two new teams, for Android and iOS, and triple the developers' costs. We hire a new lead developer for each of the new teams, and we risk hiring a person who may perfectly pass the interview but won't perform well over a long distance. We are adding to our pipeline the release synchronisation for the web, Google Play and App Store. All that complicates life and burns money. Try to estimate that to a modern web application, and you easily get 1-1.5 years and $1-1.5 million. BO will say: too expensive. PO will say: mobile is not a priority.

Let's think different. In 2023, our web application will surely open adaptively on mobile devices. At the same time, the web stack is vendor-independent, has all we need in interface means, and is functionally opulent, because it is driven by competition. And most importantly, we already have a development team.?

If you build a project and put it in a folder on a mobile device, it can already be opened full screen using the native browser. Voila, it's done: build and roll out to the store, if we don't have specifics. To simplify this process, Phonegap/Cordova were invented ages ago, and recently the ionic-team released a new righteous Capacitor.

And if there are specifics, there is a bridge to any native API from a native browser (which itself works on the same native APIs). Since 2016, web applications have been able to work offline thanks to service workers and even relational databases for the web layer.

E.g., Todoist, Notion, Slack, Spotify, 1Password, and Discord are hybrid applications. It'll be weird if these companies spend tons of money on their cross-platform solutions.

The next question that came to my mind after this catchy speech was, what is the impact of a hybrid application on the application security perspective?

We did some research on the SAST market to find a reliable React.js source code scanning tool this year. The results amazed us.