I've been shipping React Native apps for five years and every time a junior asks me about Expo I have to bite my tongue. Yeah, it gets you up fast. But you hit a wall the moment you need native modules that aren't in their SDK, and then you're either ejecting (which is its own nightmare) or building custom native code anyway.
Bare React Native with Xcode and Android Studio is honestly not that much more setup. You learn actual iOS and Android patterns instead of Expo's abstractions. I just shipped a payment flow that needed custom native callbacks. With Expo I'd have spent three days figuring out whether it was even possible. With bare it was a Friday afternoon.
The real kicker: Expo's build cloud is slow and their SDK versioning locks you into their release schedule. I got stuck on RN 0.72 for months waiting for their SDK update. Meanwhile the bare setup just tracks upstream react-native releases directly.
Am I just bitter about getting burned on Expo, or does this actually check out for anyone else running production apps?
Fair point on the supply chain angle. That said, in my experience most production RAG/ML apps end up needing custom native modules anyway (for inference, vector ops), so you're usually doing those reviews regardless. Expo's screening helps for the common case though.
I'd push back on this a bit. Bare RN isn't "just works" for most teams, even if it works for you. You've got five years in, know Xcode/Android Studio, and probably have solid CI/CD. That's not the typical junior's situation.
Expo's real value isn't the speed of expo init. It's EAS Build, which handles certificate hell and signing without you touching Xcode. That alone saves weeks of platform-specific pain for small teams.
Where you're right: the moment you need custom native modules, Expo adds friction. But that's like 20% of projects. For the 80% doing APIs and UI, Expo keeps you productive.
Different tools for different stages.
Chloe Dumont
Security engineer. AppSec and pen testing.
Fair take on the tooling, but I'd push back on the security angle here. Expo's curated SDK actually matters if you're shipping production apps with user data.
Bare RN means you're responsible for vetting every native dependency yourself. That's a significant attack surface. Expo does security reviews on their included modules, which catches things like outdated OpenSSL or permission escalation bugs in libraries most devs would just npm install without thinking.
That said, you're right that you hit abstraction limits fast. I've seen teams get stuck when they need custom native code and suddenly realize they don't understand iOS/Android security models at all.
Real answer: use Expo if your threat model is "user login and data sync." Use bare if you're doing payments, biometrics, or handling sensitive PII. The native code literacy is just a bonus that saves you later.
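A starting point for the vetting described above, as an added example that is not part of the original post and is not Expo or React Native tooling: it lists the installed packages that ship native code or run install scripts, which are the ones that need manual review in a bare project. The function names and the detection heuristics (a `*.podspec` file, an `android/build.gradle`, a `binding.gyp`, npm install hooks) are assumptions chosen for illustration, and it only inspects top-level and scoped packages in a flattened `node_modules`.

```python
import json
from pathlib import Path

INSTALL_HOOKS = ("preinstall", "install", "postinstall")  # run automatically by npm install

def iter_packages(node_modules: Path):
    """Yield package directories, including scoped ones (@scope/name)."""
    for entry in sorted(node_modules.iterdir()):
        if not entry.is_dir() or entry.name.startswith("."):
            continue  # skip files and .bin/.cache style directories
        if entry.name.startswith("@"):
            yield from (p for p in sorted(entry.iterdir()) if p.is_dir())
        else:
            yield entry

def native_signals(pkg: Path) -> list:
    """Heuristic markers that a package ships code compiled into the app."""
    signals = []
    if any(pkg.glob("*.podspec")):
        signals.append("ios-podspec")
    if any((pkg / "android" / f).is_file() for f in ("build.gradle", "build.gradle.kts")):
        signals.append("android-gradle")
    if (pkg / "binding.gyp").is_file():
        signals.append("node-gyp")
    return signals

def review_list(node_modules: Path) -> list:
    """Return packages that need manual review: native code or install hooks."""
    findings = []
    for pkg in iter_packages(node_modules):
        manifest = pkg / "package.json"
        if not manifest.is_file():
            continue
        try:
            meta = json.loads(manifest.read_text(encoding="utf-8"))
            scripts = meta.get("scripts") or {}
        except (ValueError, AttributeError):
            # Unparseable or non-object manifest: surface it rather than skip it.
            findings.append({"name": pkg.name, "version": "?", "signals": ["unreadable-manifest"]})
            continue
        signals = native_signals(pkg) + [f"script:{h}" for h in INSTALL_HOOKS if h in scripts]
        if signals:
            findings.append({"name": meta.get("name", pkg.name),
                             "version": meta.get("version", "?"), "signals": signals})
    return findings

if __name__ == "__main__":
    import sys
    for f in review_list(Path(sys.argv[1] if len(sys.argv) > 1 else "node_modules")):
        print(f"{f['name']}@{f['version']}: {', '.join(f['signals'])}")
```

Run it from the project root after installing dependencies; the output is a review queue, not a verdict on any package.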