No-code has a security issue

Vincent Krouwels
Aug 7 · 3 min read

We love no-code. It has enabled us to create a business and help companies and individuals in ways we never thought were possible. Coming from a no-code background, the learning curve was steep at times. No-code is explained as coding without the code, in reality that is often not the case. Especially when dealing with bigger clients, you need to know more. Not just more technical implementations, beyond the realm of no-code drag & drop, but also in areas of data privacy and security.

And it is in this area that no-code seems vulnerable. We work primarily with Bubble, the recently $6M funded visual programming language, which gives you all the tools you need to build secure web apps. It is understandably difficult for them to promote the platform’s ease-of-use as well as putting emphasis on security and privacy at the same time.

It has never been easier for ‘regular folk’, people who do not have the time or skills to learn how to code, to create web applications. It is exactly what Bubble is capitalizing on: “You don’t need to be a coder to build software”. Logically, they emphasize the exciting stuff for first-time users: build an actual working application at lighting speed.

What is left as an ‘advanced feature’ is the settings that deal with data security and the privacy of personal information. “I’ll deal with that later”, is a common and understandable thought.

The leaking of data or even the blatant abuse of personal digital data by some of the largest companies in the world (👋 hello The Great Hack), solidifies the importance of safeguarding that data. It means that also on our scale, we as no-code app builders have the obligation to use peoples data in a respectful manner, to be careful with data that people give us and trust we do not use it for anything else than providing the service they signed up for.

The leaking of thousands of user’s PII can cause serious harm to no-code development platforms.

This is not easy. Especially for non-technical builders like ourselves. We are not data security and privacy experts. That is why we created a simple tool for Bubble app builders to check whether their apps externally expose the data they intended to expose. It checks for exposed data types as well as exposed endpoints, giving an indication of what data is visible and could potentially be manipulated externally.

We also feel that no-code tools should (if they don’t already) put more emphasis on the importance of data privacy and security. The subject is not as sexy as that of building Twitter in an hour but it is crucial for the adoption of no-code development platforms.

Bubble provides all the tools to make apps secure but it is up to the users to implement those tools in the right way. If apps and websites built on Bubble expose thousands of user’s Personally Identifiable Information, you need to realize the potential harm that can cause to the credibility of Bubble as a programming language and the legitimacy of no-code as a serious alternative to traditional means of app building.

Building on Bubble? Use our tool to check your app’s data exposure and help keep everyone’s data safe!

Ideable*

Digital product design agency embracing no-code

Vincent Krouwels

Written by

Helping businesses grow with ideable.co

Ideable*

Ideable*

Digital product design agency embracing no-code

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade