React Native databases
From established organizations to hot new startups, developers are using React Native to build cross-platform applications. Moreover, there is a pressure on developers to deliver offline-first and high performing application that can be scaled whenever needed.
To meet these challenges they have to choose the right technology stack including the platform, back-end framework, libraries and a database. Now, there are many databases available for React Native which offer offline sync, reliable performance, better security and tons of new-edge features.
Poorly chosen Database can lead to failures for your React Native application.
Recently Crisp, a live-chat startup, who built their hybrid application using Firebase had to switch after few months of release. From an infinitely scalable database Firebase became a living nightmare for them. Because of which they struggled with the releasing new features, and could neither implement complex business logic to local and server side database.
We have hand picked everything you need to know in order to select the right database for your react native app development.
Local database selection for react native apps
We will first start with local databases. The local databases considered in our evaluation are listed below:
Realm database was built from scratch for offline and real-time applications running on mobile and wearable devices. Realm is not an ORM or built on top of SQLite, it has its own database engine and doesn’t just rely on key-value stores.
That explains why developers prefer to use Realm while handling a large amount of data or for high-performance applications. Realm allows developers to undergo frequently mapping classes, tables, foreign keys or the fields.
Realm is an object-oriented database rather than a relational database. OO model makes it 10x faster than SQLite and saves you from running tons of query which is a common thing for a typical SQL database.
Offline Applications with Realm
- Realm synchronization services run in the background to record and save the user interaction, and service requests locally. Once the device is online, it sends data back to the server and executes the tasks without hindering the user experience.
- Realm has algorithms in place to handle the conflicts in the objects while syncing the data back to the server.
- Offline queue support automatically re-dispatch user actions when the connection is back online.
RealM is offline friendly with redux-offline
Redux offline fulfils almost every arbitrary requirements of offline-based architecture such as:
- Implementing read-write network resilience
- Support for optimistic data updates when offline and pessimistic UI state in opposite case
- Enabling background synchronization
- Migrating database schema versions
- Enabling data caching and up-front data loading
The main idea behind using redux as the offline synchronized storage along with realm is to use redux as your database in which you can serialize data and inform your Database when it changes. As soon as your app gets internet connectivity, you tell it to read data from your local memory.
For this, you can use redux-offline which is a standalone persistent state data container that can work with any web application written in any language. The library is designed in a way so that it covers all the aspects of an offline-first app-based experience.
React Native app Performance with Realm
In terms of performance, Realm databases have been proven to run queries and sync objects significantly faster than SQLite and others. The objects stored in Realm can be accessed concurrently from multiple threads or sources, and it doesn’t require any specific lock configuration.
- Built-in storage engine written in C: Reduces dependencies and improves query performance
- The traditional SQLite with ORM abstraction is leaky because ORM simply converts Objects and their methods into SQL statements. Realm, on the other hand, is an object database, meaning your objects directly reflect your database and it doesn’t convert the objects while doing read/write operations.
- Zero-copy: The traditional way of reading data from a database leads to unnecessary copying into language level objects. Realm avoids this by mapping the whole data in-memory, using B+ trees and whenever data is queried, Realm simply calculates the offset, reads from the memory mapped region and returns the raw value.
- Concurrency Control: Realm smoothly handles the concurrency using the MVCC model, which means that multiple read transactions can be done at the same time and reads can also be done while a write transaction is being committed.
Industry Compliances and Realm
While there is no official documentation on the Industrial compliances and Realm compatibility, but their encryption technology has been used by many banks in their consumer-facing applications.
For SOX and GLBA compliances, Realm has been considered secure enough to use.
Supported Datatypes and file format in Realm
Realm supports the following property types: Bool, Int, Int8, Int16, Int32, Int64, Double, Float, String, Date, and Data.
When you consider images or videos, you can’t directly store images or videos to your local Realm database. You have to either convert the files into NSDATA to store locally or just store on the server-side and define a path for it.
Security in Realm
Realm uses different encryption standards for each mobile platform.
For Android, they use AES-256 level of encryption and decryption of all the data stored locally.
Whereas for iOS applications, their encryption is based on the iOS CommonCrypto library, which protects the app data and passwords stored in the keychain. For windows applications, Realm uses Crypto library for encryption.
Each of these libraries can be used to generate a 64-byte of encryption keys, where each 4kb block of data is further encrypted with AES-246 Cipher Block Chaining(CBC) method and then signed with an SHA-2 HMAC.
In my opinion, this approach can prevent most of the attacks and has been adopted by many industry leaders such as Amazon, and Netflix to build their mobile applications.
#1 Real time sync in with Realm and React native
When it comes to real time synchronization – that’s what Realm’s platform was built for – demo of Draw app demonstrates this very well. Look at the image below that shows multiple users simultaneously drawing on the shared canvas.
Source: Realm’s Github
#2 Realm Database Pricing
But, when you buy their platform to build React Native applications, then it will cost you $1750 per month. They also have an edition which comes with Realm Studio, and tons of other development features for Enterprises.
An object graph is nothing but a collection of relational objects that are interconnected.
Core Data heavily relies on non-relational databases to store the objects. In React Native, where you are building a hybrid application, you can either use SQLite, or CouchDB for storage and then use Core Data to play with the object graphs.
With all being said, Core Data is capable of managing complex object graphs for apps with thousands(or even million users!). But it is equally important to understand how Core Data differs from a regular database and when can you use it.
It should be clear that Core Data is not a storage, and whatever data you store including passwords should be stored in keychain of the device. It’s highly vulnerable If you are storing anything in Core Data cache memory.
Apple has clearly mentioned in their Core Data programming guide that:
Core Data makes no guarantees regarding the security of persistent stores from untrusted sources and cannot detect whether files have been maliciously modified. The SQLite store offers slightly better security than the XML and binary stores, but it should not be considered inherently secure.
Concerned about securing your SQLite or CouchDB data, read their respective security practices.
Apple’s Core Data Pricing
Core Data is not open source, but it comes free with Apple’s developer license program to develop Offline first applications.
PouchDB based on CouchDB for React Native
PouchDB was built using CouchDB protocols and storage mechanism, and that’s why CouchDB is the most reliable server-side database to pair with PouchDB. Apart from CouchDB, PouchDB is also compatible with MongoDB, MySQL, and PostgreSQL server-side databases.
PouchDB, a DB that Sync with multiple platforms easily
Similar to Firebase, PouchDB data can also be synchronized between multiple, so users can access their data on the go. Although, If you’re using any Native library, then OS specific data can’t be synced between multiple clients.
Peer to Peer Replication in a single stroke
PouchDB with its replication feature allows local storage to be disconnected from the server side while both copies can be updated concurrently. Once it’s updated, the data gets synced across multiple clients without any data leakage.
A really good example of handling such operations efficiently on React native is Evernote. Evernote does that perfectly by letting users update their notes and syncing it back to the main database.
Securing your Local Data in PouchDB
Securing your app’s local data is difficult; but securing your local PouchDB data is relatively easier than most of the open source databases. CouchDB has an inbuilt authentication framework for React Native and it offers some amazing security features:
- Stores the password in the hash form using PBKDF2 cryptography, which is a standard key derivation function to protect encrypted keys from brute force attacks.
- It does stores cookies from the app, but keep refreshing every 10 minutes, which reduces possible attacks on the cookie.
- It supports SSL, so you can easily encrypt your local data with an AES256 level of encryption.
PouchDB best practices for security would be to define proper access control rules, not storing store passwords in memory, and encrypting communications using SSL to make your application will be safe.
Supported Datatypes and File forms in PouchDB
PouchDB supports most of the universal data types including Boolean values, numeric values, string values, arrays, objects, and NULL.
When it comes to storing document, images, videos and other files, PouchDB shines compare to other local databases. They allow you to convert the files into either in a base64-encoded format or as a Blob and directly store in the local memory.
If you are dealing with large files or multiple files for each user, it’s better to send them to server-side and define a path in the local Database.
PouchDB development and updates are publicly available on Github and it’s free to use.
Async Storage for React Native
Async storage is a local storage system, which gives you the ability to store locally and persist the data between app reboots. It comes in-built with React Native, so you can use it without any additional deployment. The downsides are slow to runtime and have no indexing capabilities.
All objects stored in Async Storage are considered as strings, all value must be serialized before storing, and deserialized after retrieving. That explains its slow runtime and no indexing capability. You should not use Async Storage while dealing with a large amount of data.
Read write operations with Async storage
The read/write operations are quite slow compared to any other Storage systems. In terms of security, there is no encryption available locally, also the data vanishes if a user deletes the app.
Firebase for React Native
Firebase supports a real-time NoSQL database for react-native. It can be your best bet when it comes to changes like data synchronization and offline data modification. You can suppose React Native to be as “V[view” in MVC.
Firebase is pretty much capable of fulfilling the requirements of “M[model] and C[controller] in MVC” to react Native based applications. Since the idea behind the development of React was to provide a user interface, there was something needed to support and made it fully functional at the backend. This is where firebase as a NoSQL BaaS comes into play.
Real-time data Sync
The biggest advantage of using firebase for react-native is that real-time data is synced across all clients at a time. This is really important in the case when your app suddenly goes offline due to unavailability of an internet connection.
Another advantage of using react native and firebase together is that it provides a cross-platform API that requires a minimal setup while you are using it with your app. Moreover, you will not need any application server to access data as firebase real-time database can be directly accessed from a mobile device.
Offline persistence with Firebase
As mentioned above, firebase applications have the advantage to work offline (given that the application goes offline after connection established at the first time).
- Marking user presence as offline/ online: While developing a real-time application, you will have to mark the state of a user as connected (online) and disconnected (offline or busy). This can be handled by firebase onDisconnect primitive.
- Timestamp when the user goes offline: Firebase real-time database also facilitates storing timestamp when a user gets disconnected every time. This timestamp can be used to identify exactly at what time the user goes offline.
The above mentioned offline capabilities of firebase make it as most suitable database while developing apps that takes user’s presence and real-time data transfer into account.
Security with Firebase
Firebase boasts of an easily understandable data access security rule pattern. It is hosted on SSL (Secure Socket Layer) which keeps the connection safe with the client.
However, data is not encrypted at server side which makes it prone to security threats and theft. Hence, it is advisable to not use Firebase as a database for apps which needs to handle sensitive data.
You can use other local databases such as Realm or combination with any other server-side database to store your sensitive data with encryption.
However, if you somehow wish to use the same for these apps you need to make sure your data remains encrypted and also your encrypted key doesn’t remain in that database itself.
Authentication and Authorization
Firebase boasts of a simple easy-to-access API which can be used to authenticate users with data access and manipulation with some robust security rules.
You are independent to integrate firebase solely with your client-side code or your existing login server. One major advantage which goes hand-in-hand with firebase authentication is that it boasts inbuilt functionality for login authentication (via email/ password).
Moreover, you can also integrate third-party providers with your firebase.
Security rules for firebase are easy to understand and are properly defined in firebase official documentation. They are a custom set of declarative language which can be used for data validation and authorization.
Administrators can define “Read/ Write” rules using JSON structure for any sort of level in application data tree.
App performance with Firebase
Firebase is good to go with scalable applications where you want to transfer your data to different users at a time without having to care for any data breakage. In fact, data serving and synchronization is extremely fast so that you can easily transfer files to any number of users across the globe.
Moreover, firebase does not come with any sort of searching capabilities so you have to rely really on your own common sense to get it done. You can always use any third party service for this purpose.
Firebase as a NoSQL database is least suitable for handling relations. Since the data is mainly stored in a big JSON file. There is no specific way through which you can declare “one to many” or “many to many relationships” at all.
For instance, in some cases, you might encounter some problem to change the specific data attribute such as name in a chat app for all users. For this, you will want to change the attribute for all users or everywhere you have used it.
So, it’s not a specific way for all the users on application to change their name which is not a viable option at all.
Industry Compliances and Firebase
Firebase believed to only be compatible with SOX regulations for Financial and Banking organizations.
Supported Datatypes and file formats in Firebase
No support for Array
Uploading files in firebase
The reason being is that in the mobile environment you can only get the file path whereas the SDK require BLOB which can be only provided by the web browser.
Integration and Migration in Firebase
Firebase comes with some integrators which is an obvious part as it is owned and maintained by Google. So, you don’t need to play with your code every-time as these integrations are super easy to configure and use.
Following are some of the SDK integrators that you can use with firebase:
- OAuth authentication
- File storage
- Database backups
- Automagical scaling
- CLI for deploying and other duties
- Free Tier
Push notifications in firebase
Apart from these integrations, firebase allows authenticating push notifications through FCM. However, configuring it in an easier way is unlikely everyone’s piece of cake.
Luckily there is one library that helps you build it easily after going through some sort of configuration process. Just start the listener wherever you want and you are good to go. Also, this library helps you send custom local notifications as well.
Migration from firebase to other databases
With Firebase, it’s hard (yet not impossible) to migrate data since data is stored as JSON. However, you can always import/ export your data from firebase in a JSON file and then you can use any other database that reads JSON data.
Firebase is not open source, and their pricing is complex.
SQLite for React Native
SQLite was designed to provide local storage. It is a relational database management system designed to meet the storage demands of mobile applications. The word “lite” in SQLite describes it as being a lightweight(ed) library based database which requires minimal setup. SQLite can be integrated with the mobile application to directly access the database.
SQLite can be described as an ACID compliant database that implements most of SQL based standards although with some significant omissions. The architecture of SQLite is file-based with some tools which can handle all types of data with ease and simplicity.
Offline persistence with SQLite
To enable offline persistence with SQLite, you can use a react-native-SQLite-storage plugin to manage the data within the app. When a file is generated when you need to instruct from SQLite to open the file that is saved in the documents folder. You can do this by modifying your openDatabase call mentioned in step 6 of this link.
Security with SQLite
SQLite does support data encryption with an extension named as SQLite Encryption Extension (SEE) which is provided on their official website. However, the extension is licensed which means you have to pay the one-time fee to use it.
The extension SEE allows SQLite to read/ write data in an encrypted manner such that data remains inaccessible to outsiders. SEE is built with various algorithms that implement encryption and makes it work for it.
Encryption algorithms such as RC4 with security enhancements, AES-128 in OFB mode, AES-128 in CCM mode and AES-256 in OFB mode are used respectively for each of the seven variants. However, the seventh variant supports all algorithms.
Apart from SEE, there are several others implementations with which you can encrypt your data in SQLite :
- WxSQLite – wxSQLite is a C++ wrapper which can be used to encrypt SQLite data.
- SQLCipher – SQLCipher is an open source extension that supports 256 bits AES encryption. It uses OpenSSL’s libcrypto to implement encryption.
- SQLiteCrypt – It supports API based encryption. It requires custom implementation though.
App performance with SQLite
Often, query performance with SQLite is a matter of discussion among developers. There is a common notion among every developer that SQLite is not better in terms of query performance and speed. However, it is not so. SQLite can be used to query perform at an extreme level.
One of the easiest ways to optimize performance in SQLite is to make the disk access less often. But, to make it happen you must be familiar with the overall understanding of SQLite information processing. You must determine and measure the process where SQLite is consuming more time.
Moreover, while performing basic operations such as insert/ update/ delete in SQLite, you can use the correct set of Begin and End operators so that every time when a transaction initiates, a single DML code gets executed and ends after the completion of modifications.
This approach is simpler and more convenient to use while query performing any SQLite transaction.
Another approach to increasing performance in case of SQLite can be to configure several parameters of DBMS using PRAGMA.
Supported Datatypes and file formats in SQLite
Some of the supported datatypes in SQLite are NULL, INT, REAL, TEXT, and BLOB.
SQLite Database Pricing
Server/Side Databases for React Native App Development
MongoDB For React Native
MongoDB is an open source, a server-side database that has been built for scalability and complex applications. MongoDB follows a combined approach of using key-value stores and a relational database to store objects in JSON documents with dynamic schemas.
If you’re dealing with a large amount of data, it allows you to modify the schemas without affecting the React Native application runtime.
MongoDB Security and Industry Compliances
MongoDB uses SCRAM-SHA-1 mechanism for authentication and a role-based access control to prevent unauthorized infiltration to server-side data.
To abide with Industry compliances, MongoDB offers Kerberos and LDAP proxies to protect consumer’s data.
With that being said, MongoDB security practices have adhered to these following compliances:
- HIPAA in Healthcare industry
- SOX in Information technology and Banking organizations.
- GLBA(Gramm Leach Bliley Act) for consumer data protection in Financial Corporations.
MongoDB compatibility with React Native
MongoDB as a server-side is compatible with these local databases:
React Native app performance and scalability with MongoDB
MongoDB was built with scalability and high performance in mind. Organizations like Baidu and Adobe use MongoDB to store and process data from millions of users. According to their official documentation and case studies, the performance can be scaled to:
- 100k+ database read and writes per second without interrupting the standard latency SLAs
- It can store 1 Billion + documents in their database
I believe these metrics would be enough for 95% of the startup and enterprise building their apps with React Native.
MySQL for React Native
MySQL Performance in React Native applications
Moreover, MySQL does not perform memory allocation after query initialization which is necessary for a better query performance.
MySQL Security in React Native
MySQL is made secure with a password-based encryption system that implements several data layers for security. The verification is host-based which makes it more flexible.
It also supports encryption which makes it more secure from the server-side vulnerabilities.
Scalability and Limits
Each index of the table may incorporate about 1 to 16 columns. Index of InnoDB tables can be wider as either 767 bytes or 3072 bytes whereas MyISAM tables have an index width of about 1000 bytes.
MySQL compatibility with React Native Local Database
As mentioned above, MySQL can be used to store larger data. So, if you are on a hunt for the server side database which can serve large chunks of data across server, it must be your best bet in that case.
Amazon DynamoDB was designed and developed as a fully-fledged and managed NoSQL database service which runs on the AWS cloud.
DynamoDB is made completely decentralized with minimal administration needs. It is cost effective database with horizontal scaling, so you need to only pay for the storage and your IO throughput while using DynamoDB.
Performance in DynamoDB
DynamoDB is performance optimized as it automatically made the data transfer on tables easier over multiple tables.
While using DynamoDB, you don’t need to take care of scaling and operating of a distributed database. Moreover, complex functionalities of a distributed database such as initial setup, configuration, cluster scaling, replication etc. are managed by Amazon.
You only need to use the API provided, else rest is taken care of.
Security in DynamoDB
With DynamoDB, encryption is easier. When it comes to server-side encryption, data is transferred by the user in an unencrypted form on the server where it will be then encrypted after uploading. Amazon KMS can be used to manage keys.
DynamoDB compatibility with React Native and other Local Databases
For react native, you can use react-native-DynamoDB wrapper by npm. Also, on Github, AWS SDK for React Native Developer preview includes support for S3, DynamoDB, Lambda, and SNS. This starter automatically provisions a Serverless infrastructure with authentication, authorization, image storage, API access, and database operations. It also includes user registration and MFA support.
When you look at a suitable database for your react native application, you need to know about your requirements in the first place. Realm as local database works well in every possible requirement where SQLite and Core Data fail to the same level of performance, security, and scalability.
Firebase is well suited in situations where you want to develop real-time applications. For example, an instant messenger based app where you want to showcase whether any user has read the message or not.
SQLite is suitable in such cases where you don’t need to access “real” database but still, you want the capabilities and power of a relational database.
In the case of Server-Side databases
Organizations with a small database and looking for a more generic solution often choose MySQL and other full-scale databases. MySQL lacks speed and developers face difficulties with large volume data and their undefined schemas.
MySQL is widely used for its performance, flexibility, reliable data protection and high availability case.
But, when your data is unstructured and complex or when you can’t accurately define your schemas, MongoDB would be the better choice. MongoDB will meet all your challenges with their document-based data modeling.
However, if you are looking for a backend based database to store JSON documents, DynamoDB might be useful in this case.
If you have any questions or thoughts, let us know in the comment section.
Is not an ORM or built on top of SQLite, it has its own database engine and doesn’t just rely on key-value stores. Developers prefer to use it while handling a large amount of data or for high-performance applications. Allows developers to undergo frequently mapping classes, tables, foreign keys or the fields.
Is not a full-scale database, rather, it is a framework to manage object graphs. Heavily relies on non-relational databases to store the objects. In React Native, where you are building a hybrid application, you can either use SQLite, or CouchDB for storage and then use Core Data to play with the object graphs.