Phonegap apps - Do I need to worry about server side user input validation?

Question

On typical web development we need to sort user validation server side, users can get around javascript easily, but I was wondering how important this is on a phonegap application?

If I put up javascript validation on my web forms, should I still spend time making sure user input is valid on server side?

I guess what I am trying to get at is, can the user manipulate my javascript on hybrid based applications?

Answer 1

Short: you should always worry about server side validation.

Long: Javascript cannot easily be manipulated within the app, but rest assured that the frontend is never safe. In fact, the Javascript and HTML/CSS of a Phonegap application can easily be extracted and they could rebuild your app with just a few differences.

In addition, anybody could fire calls to your backend services (from self-built front-ends, REST clients or anything really), so be very sure that your services are safe and that your data is validated..!

Answer 2

Yes! Always validate anything what is coming from the users. You wrongly assumed that user will connect to you server using your client application. The true is, that it is always possible to use custom made client to send dangerous data.