Question about database security

Not sure if this is the place to ask this, but I think I’m not the only one with this question, so I’ll ask it here. I’ve coded APIs and databases before and also coded multiple apps, so I’m curious about how the Android/iOS app transmits data to/from the database.

Let’s say the table Users has a private information column, for example a social security number. How secure is this actually? Now let’s say my app also allows users to display a list of all other app users’ names, or list the names column of the Users collection. From a programmer’s perspective I see that all users have access to the names column. This means that all users have full access to the entire Users column. Is this API database call done client side or server side? If it’s done client side, you probably see my concern about an app being reverse engineered and malicious users getting access to private information in the collections (for example, getting a social security number column).

This question about security may be a bit vague, so let me know if it’s not understandable and I will try to clarify it a bit more. I’m not trying to cast a shadow on the platform or raise more security questions; I’m just genuinely curious whether malicious users could get access to more data than is explicitly defined or pointed to in a finished app screen or GUI.


Very insightful and valid points.
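The concern raised in the question, shown as an added example that is not part of the original thread and does not describe how this platform behaves: a list endpoint that returns whole rows and leaves the filtering to the app screen, beside one that selects only allowlisted columns on the server. The table layout, function names and sample values are constructed assumptions, and SQLite stands in for the unspecified backend.

```python
import json
import sqlite3

# Columns the server is willing to return to any signed-in user (assumption).
PUBLIC_COLUMNS = ("id", "name")


def make_db():
    """Build an in-memory Users table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, ssn TEXT)")
    db.executemany(
        "INSERT INTO users (name, ssn) VALUES (?, ?)",
        [("Alice", "000-00-0001"), ("Bob", "000-00-0002")],  # constructed values
    )
    return db


def list_users_leaky(db):
    """Returns whole rows and relies on the app screen to show only names.
    Anyone who inspects the response body sees every column."""
    rows = db.execute("SELECT * FROM users ORDER BY id").fetchall()
    return json.dumps([dict(r) for r in rows])


def list_users_projected(db):
    """Selects only allowlisted columns on the server, so private columns
    never appear in the response, whatever the client does with it."""
    cols = ", ".join(PUBLIC_COLUMNS)  # fixed tuple, never user input
    rows = db.execute(f"SELECT {cols} FROM users ORDER BY id").fetchall()
    return json.dumps([dict(r) for r in rows])


def leaked_fields(response_body, private=("ssn",)):
    """Report private field names present in a response body, the way an
    API test or a review of proxied traffic would."""
    records = json.loads(response_body)
    return sorted({key for rec in records for key in rec if key in private})


if __name__ == "__main__":
    db = make_db()
    print("leaky endpoint exposes:", leaked_fields(list_users_leaky(db)))
    print("projected endpoint exposes:", leaked_fields(list_users_projected(db)))
```

A check like `leaked_fields` can run in an API test suite so that a later change to the query cannot silently start returning a private column.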
