Equity-Based React Native Wallet needs Mobile App Development
Contact person: Equity-Based React Native Wallet
Location: Miramar, Argentina
Budget: Recommended by industry experts
Time to start: As soon as possible
Project description:
"Status: The MVP is already live internally. Core flows work end‑to‑end on React Native (Expo/bare) with Supabase Functions on the backend. I’m looking for a partner to optimize the codebase and close any security gaps before we scale.
What we’re building
A mobile wallet where users can securely hold and manage multiple digital currencies.
Seamless movement between bank accounts and the wallet’s balance (sandbox is connected).
Real‑time transaction notifications (APNs/FCM) with reliable delivery and sensible privacy defaults.
Auth currently uses password; biometrics will be added after hardening & stabilization.
Your mission
Security hardening across app and backend: secret handling, storage, network, auth, and data access.
Codebase optimization: architecture, performance, and reliability for both iOS and Android.
Release readiness: smooth CI/CD, crash‑free startup, and App Store/Play compliance.
Scope (concrete)
✅ React Native refactor to a clear module structure (domain/UI/data), TypeScript strict, ESLint/Prettier.
✅ Secrets: remove any plaintext keys; use env injection + secure storage (Keychain/Keystore).
✅ OWASP Mobile basics: jailbreak/root detection, screenshot/overlay protections where relevant, TLS pinning (where feasible), secure clipboard/notifications (no sensitive payloads when locked).
✅ Supabase: enforce RLS everywhere, least‑privilege policies, JWT claim checks, rate limits, audit logs (minimize PII).
✅ Auth: strong password policy, lockouts, session/refresh rotation, CS/PKCE where applicable.
✅ Banking & buy/sell flows: stabilize error handling, idempotency, and retry logic; full sandbox test cases.
✅ Push notifications: delivery reliability, background handling, and “privacy mode” content.
✅ Observability: crash reporting, performance traces, server metrics; PII‑safe logs.
✅ Supply chain: dependency audit (SCA), pinned lockfiles, automated secrets scan, reproducible builds.
✅ CI/CD: test + lint + type checks + mobile builds; fastlane/EAS (or equivalent).
✅ Store readiness: passes static/dynamic checks; complies with App Store/Play financial‑app rules.
Deliverables
A clean, well‑structured React Native app linked to Supabase Functions, with TypeScript strict mode and linting enforced.
Signed iOS/Android builds that meet store submission requirements (TestFlight/internal test tracks).
Security checklist + brief technical docs (setup, env, deployment, threat model summary, runbooks).
Acceptance criteria
Users can create a wallet, sign in with password, view balances, and review transaction history.
Bank integration, buy/sell flow, and push notifications run smoothly in sandbox with test plans.
No sensitive keys in plaintext; secrets handled via environment and secure storage.
RLS enforced on all data paths; automated tests cover auth, balances, transactions, and notifications.
Static analysis, dependency audit, and secrets scan pass with no high‑severity findings.
Crash‑free sessions ≥ 99.5% on internal testing.
Nice to have (not required on day 1)
Biometric auth (Face/Touch ID) behind a feature flag.
App Attest / Play Integrity checks.
MASVS L1 alignment documented.
Compensation
Equity instead of cash for the right partner. We can define vesting/cliff once scope and ownership are confirmed.
If this sounds like your arena, send a short note with relevant RN/Supabase work, links to repos/apps, and your proposed approach to the security pass." (client-provided description)
Matched companies (3)

Chirag Solutions

SJ Solutions & Infotech
