We have a hybrid mobile app on playstore only which reached 30K+ downloads already and actively used. We learnt very late that our server side APIs are open and not protected at
