ClueCon Weekly with Vineeta Sangaraju [Sn. 15 Ep. 12]: Ship Fast, Ship Safe: Securing Hybrid Apps

Security often gets pushed to “later,” especially on hybrid stacks where speed and reach matter. In this episode of ClueCon Weekly, host Jon Gray talks with Vineeta Sangaraju, Security Researcher and Staff Engineer at Black Duck, about building hybrid mobile apps (React Native, Flutter, etc.) without opening the door to avoidable risks. Vineeta breaks down why external libraries are a double-edged sword, common myths about app-store reviews, and where WebView and permission scopes can quietly turn into data-leak vectors. We also dig into how AI helps (and hurts) day-to-day development, and simple habits that make a real difference.

What you’ll learn:

🔹 How hybrid differs from native/web in ways that matter for security
🔹 The risky parts: third-party libraries, WebView bridges, and over-broad permissions
🔹 Least-privilege basics for mobile (and how to actually apply them)
🔹 AI as accelerator vs. “code-review headache,” and how to set guardrails
🔹 Lightweight due diligence: maintainers, CVEs, defaults, and permission creep