Image for post
Image for post

No-code has a security issue

Vincent Krouwels
Aug 7, 2019 · 3 min read

We love no-code. It has enabled us to create a business and help companies and individuals in ways we never thought were possible. Coming from a no-code background, the learning curve was steep at times. No-code is explained as coding without the code, in reality that is often not the case. Especially when dealing with bigger clients, you need to know more. Not just more technical implementations, beyond the realm of no-code drag & drop, but also in areas of data privacy and security.

And it is in this area that no-code seems vulnerable. We work primarily with Bubble, the recently $6M funded visual programming language, which gives you all the tools you need to build secure web apps. It is understandably difficult for them to promote the platform’s ease-of-use as well as putting emphasis on security and privacy at the same time.

It has never been easier for ‘regular folk’, people who do not have the time or skills to learn how to code, to create web applications. It is exactly what Bubble is capitalizing on: “You don’t need to be a coder to build software”. Logically, they emphasize the exciting stuff for first-time users: build an actual working application at lighting speed.

What is left as an ‘advanced feature’ is the settings that deal with data security and the privacy of personal information. “I’ll deal with that later”, is a common and understandable thought.

The leaking of data or even the blatant abuse of personal digital data by some of the largest companies in the world (👋 hello The Great Hack), solidifies the importance of safeguarding that data. It means that also on our scale, we as no-code app builders have the obligation to use peoples data in a respectful manner, to be careful with data that people give us and trust we do not use it for anything else than providing the service they signed up for.

The leaking of thousands of user’s PII can cause serious harm to no-code development platforms.

This is not easy. Especially for non-technical builders like ourselves. We are not data security and privacy experts. That is why we created a simple tool for Bubble app builders to check whether their apps externally expose the data they intended to expose. It checks for exposed data types as well as exposed endpoints, giving an indication of what data is visible and could potentially be manipulated externally.

We also feel that no-code tools should (if they don’t already) put more emphasis on the importance of data privacy and security. The subject is not as sexy as that of building Twitter in an hour but it is crucial for the adoption of no-code development platforms.

Bubble provides all the tools to make apps secure but it is up to the users to implement those tools in the right way. If apps and websites built on Bubble expose thousands of user’s Personally Identifiable Information, you need to realize the potential harm that can cause to the credibility of Bubble as a programming language and the legitimacy of no-code as a serious alternative to traditional means of app building.

Image for post
Image for post

Building on Bubble? Use our tool to check your app’s data exposure and help keep everyone’s data safe!


Digital product design agency embracing no-code

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store