March 28, 2026·10 min read

When you actually need custom native code

Expo’s sweet spot is huge—until you need a niche SDK or a foreground service Android won’t grant from JS alone. That’s when prebuild, config plugins, or a bare workflow enter the chat. Custom native code is a product decision: you are buying capability and paying in build and upgrade time.

Try config first

Many needs are solved by official Expo modules or well-maintained community packages with plugins. Read the install page twice.

Forking a module is cheaper than writing JNI from scratch.

Own the upgrade path

Custom native code means you own Xcode and Gradle upgrades. Budget time every RN release.

Document patch-package hacks; they rot fast.

Team skills

If nobody on the team reads Swift or Kotlin, outsourcing or pairing is cheaper than guessing. Security-sensitive native code needs review.

Keep JS bridges thin; push logic to well-tested native or shared C++ when appropriate.

Decision questions to ask in the meeting

Can we ship MVP without this SDK? Is there a maintained Expo module or config plugin? If we write native code, who reviews it for security and who tests on both stores? What is our rollback if the binary is bad?

If answers are fuzzy, spike in a branch with metrics—not in production with a deadline.

Exhaust config plugins first

Many native tweaks are expressible as config plugins with Expo prebuild—prefer maintained plugins over forks. Read plugin docs for idempotency; flaky plugins waste hours. Snapshot `app.json` changes in PRs for review. Keep plugins small and composable.

Custom native code ownership

Swift/Kotlin changes require reviewers who know platform idioms and app store guidelines. Security-sensitive code needs extra scrutiny. Budget ongoing maintenance—Xcode and Android Gradle Plugin updates break builds. Document build steps and environment prerequisites clearly.

Bridging JS and native cleanly

Keep bridges thin: marshal simple data types, avoid long synchronous calls on JS thread, and handle errors with structured codes. Write unit tests on native side where feasible. For C++ shared code, ensure threading models match expectations.

Distribution and compliance

Some SDKs impose licensing constraints—legal review before integration. For medical or financial domains, additional certifications may apply. Document data flows crossing native boundaries for privacy reviews.

Fallback strategies

When native module unavailable—older OS versions—gracefully degrade features. Feature flags help roll out native changes gradually. Collect crash analytics specific to native modules to spot device-specific failures early.

Team decision template

Problem statement, alternatives considered, maintenance owners, upgrade budget, security review status, and rollback plan. If any section is weak, pause—native debt is expensive.

Post-launch monitoring

Watch crash rates, ANRs, and performance regressions attributable to native changes. Keep communication lines with vendor SDK support. Plan refactors if native surface grows unwieldy—sometimes upstream contributions beat local patches long-term.

Shipping and reliability habits (1)

Type-safe navigation pays off when routes multiply. Keep param lists near navigators, validate external URLs, and avoid serializing non-JSON-safe values through params. Renaming routes is a cross-cutting change—update analytics, push payloads, and E2E selectors in the same release train.

FlatList performance is configuration as much as code. Stable keys, reasonable `windowSize`, and memoized rows beat switching to a different list primitive blindly. Nested virtualized lists are a last resort—redesign first. Profile with production-like data volumes; dev placeholders lie.

Platform differences worth rehearsing (2)

Expo SDK upgrades are integration projects: `expo doctor`, aligned community packages, regenerated native projects, and device smoke tests for camera, push, and IAP. Freeze unrelated native refactors during the upgrade window and keep rollback paths hot. Document surprises for the next upgrade while memory is fresh.

Hermes versus JSC is not a lifestyle choice—profile your app. Hermes usually wins on startup; some libraries still assume JSC quirks. Engine toggles are not substitutes for fixing quadratic renders in your own code. Upgrade notes matter: Intl support and debugging tooling evolve.

Security, privacy, and data handling (3)

Design tokens and semantic colors make dark mode and rebrands feasible. Mixing three styling systems doubles migration cost—pick a primary approach and draw boundaries. Runtime CSS-in-JS can cost frame time on hot screens—profile before adopting wholesale.

ScrollView versus FlatList is a data-volume question. Small static content belongs in ScrollView; long feeds belong in virtualized lists. Nested scrollables need explicit height contracts—redesign beats fighting physics. Document intentional choices so future refactors do not ‘optimize’ blindly.

Performance and measurement discipline (4)

Shipping React Native features is less about any single API and more about the system around it: typed boundaries, predictable navigation, and telemetry that tells you what broke in production. Prefer boring, explicit modules over clever metaprogramming that the next hire cannot grep. When platform vendors change behavior in point releases, your defense is automated smoke tests on real devices and a short internal changelog of native assumptions you rely on.

Performance work should start with measurement, not instinct. Watch JS thread versus UI thread separately; they bottleneck differently. Lists, images, and animations dominate most regressions—optimize those before micro-optimizing pure functions. Hermes, JSC, and bridge internals evolve; re-profile after every major upgrade instead of trusting last year’s numbers. Battery and thermal throttling on mid devices reveal issues flagship phones hide.

Team process and long-term maintenance (5)

Native modules are product decisions disguised as engineering tasks. You inherit Xcode and Gradle upgrades, store review scrutiny, and security obligations. Prefer maintained Expo modules and config plugins before writing JNI or Swift glue from scratch. When you must go native, budget pairing time with platform specialists and write runbooks for on-call—crashes in native code bypass many JS safeguards.

Deep links are a cross-team system: marketing URLs, hosted association files, entitlements, router params, and analytics query preservation. Debug with structured logging of raw URLs (scrub secrets) and reproduce cold-start races with auth hydration. Staging and production should be obviously separated—accidentally opening prod from a QA link erodes trust and pollutes data.

Shipping and reliability habits (6)

WebViews are untrusted browsers inside your app. Validate `postMessage` payloads, lock navigation to expected hosts, and prefer system-browser auth flows when OAuth security demands it. Third-party JavaScript can change without your deploy—treat XSS in web as bridge compromise risk. Clear storage on logout and rate-limit message handlers.

E2E tests should protect revenue paths, not every permutation. Stable selectors (`testID`) beat text that marketing rewrites weekly. Flake management is a feature: quarantine, fix root causes, and keep smoke suites green on CI devices. Five reliable tests beat fifty flaky ones that everyone ignores.

Platform differences worth rehearsing (7)

Splash screens and launch gates should reflect honest readiness: fonts, theme, session, critical remote config—not every SDK under the sun. Infinite splash is worse than a slightly longer branded hold. Match native and JS background colors to avoid flashes; respect reduced motion for animations.

JWT and session refresh flows need single-flight refresh, clear logout semantics, and secure storage for refresh tokens when appropriate. Parallel 401s should not stampede refresh endpoints. Clock skew and biometrics policies belong in explicit product decisions, not accidental implementation details.

Security, privacy, and data handling (8)

Reanimated and gesture libraries earn their place when profiling proves UI-thread work and your team can maintain native upgrades. Worklets have constraints—read errors carefully. Respect reduced motion and test Android timing differences—identical JS does not guarantee identical feel.

Analytics schema governance prevents warehouse disasters: version events, avoid high-cardinality strings, and align names across iOS, Android, and web. Consent gating must stop network calls, not just UI. Separate dev and prod projects to avoid polluting dashboards.

Performance and measurement discipline (9)

Metro cache issues masquerade as logic bugs. Establish a documented reset ladder: dev server restart, cache flags, Watchman, derived data, then dependency reinstalls. Compare platforms when only one breaks—native steps diverge. Keep CI caches deterministic with lockfiles and pinned toolchains.

Environment variables should be classified: public-by-design, sensitive-with-mitigations, or never-on-device. `EXPO_PUBLIC_` values are extractable—treat them that way. Align env handling across EAS profiles and local dev; fail fast when keys are missing instead of shipping undefined behavior.

Team process and long-term maintenance (10)

Security and privacy expectations move faster than roadmaps. Treat analytics, crash, and attribution SDKs as part of your threat model: initialize them deliberately, document data flows, and verify ‘off’ truly stops network calls. Client-side secrets are public secrets—anything shipped in an APK or IPA should be assumed extractable. Pair mobile changes with backend policies so authorization remains consistent across platforms.

Accessibility is compatibility. Labels, focus order, and dynamic type are not polish—they determine whether users can complete tasks at all. Test with VoiceOver and TalkBack on hardware; simulators miss focus bugs. When designs prioritize minimalism, negotiate text alternatives for icon-only controls. Accessibility regressions often follow navigation redesigns—add checklist items to those PRs specifically.

Shipping and reliability habits (11)

Storage is not a database. AsyncStorage and MMKV excel at key-value preferences; SQLite or remote APIs belong elsewhere for relational data. Migrations should be incremental, logged, and non-blocking for UI. Secure tokens need secure storage when your model demands it—speed is not a substitute for correctness on auth material.

Platform differences worth rehearsing (12)

In-app purchases require server validation, restore flows, and support tooling that respects privacy. Sandbox quirks are normal—budget QA time. Subscriptions interact with family sharing, regional pricing, and refunds; engineering must stay aligned with finance and legal narratives users see in receipts.

Security, privacy, and data handling (13)

Background execution policies change with OS updates—revalidate after major iOS and Android releases. Misused background modes invite rejection. Persist user work frequently; the OS can kill you anytime after backgrounding. Uploads and timers should tolerate pause and resume without corrupting state.

Performance and measurement discipline (14)

Team process and long-term maintenance (15)

Images and maps look simple in mocks and expensive in production. Decode sizes should match display sizes; static map thumbnails are not interchangeable with interactive MapView gestures. Quotas, API keys, and offline behavior need explicit fallbacks—addresses as text, retry buttons, and calm error copy. Monitor vendor dashboards for spikes that indicate bugs or abuse.

Error boundaries catch render failures, not native crashes or async mistakes. Pair them with platform crash reporting and structured client logs. Fallback UI should include build identifiers and humane copy—never raw stack traces for end users. Test fallbacks with screen readers; a broken error screen is still broken UX.

Shipping and reliability habits (16)

Poursuivre la lecture

Plus récentList performance myths in React Native Plus ancienMonorepos with Expo: Metro, workspaces, and shared packages

Structure du projet → · Utilitaires d’app →