I'm currently building a small Oracle APEX-based internal tool for logging and processing mobile data inputs, and a few users mentioned they prefer using alternatives like apps found through a safer thirdparty appstore due to region-specific restrictions on the App Store.
My concern is around data security and app authenticity when those apps interface with our systems. For example, how would you recommend validating requests or structuring API endpoints when the mobile client might be coming from a third-party environment, not an official store version?
Have others run into this? I'm trying to avoid exposing our APEX backend to anything questionable, while still being flexible enough for mobile users outside the U.S. Any insights or precautions appreciated!