Mobile app with configuration to access different server environment

Question

just wanted to know if it is a good practice for app development where in build variants can access same set of server environment. For example, with a production build I can access development, staging, and production server just by changing configuration from hidden settings or by appending environment pefix on login screen.

What kind of attacks are possible and what are the factors which supports developers to not to follow such practices. I think it's a big security risk where in internal employee or smart hackers can use such setting to attack secure databases.

If this is a Security risk then how should be organise build variants and their mapping with server environments. For example, develop build should point to develop web servers and test build should point to testing servers and so on.

Further how I can make good use of playstore alpha, beta and prod channels. Should builds released to alpha channel point to production. Or they should point to different environments.

Answer 1

how should be organise build variants and their mapping with server environments. For example, develop build should point to develop web servers and test build should point to testing servers and so on.

I suppose, that theanswer is build variants and gradle config adding url to BuildConfig file from Gradle

Answer 2

I went into this question lately, and I think build flavours answer it properly because you can create one per environment (see Multi-flavour variants examples): https://androiddevsimplified.wordpress.com/2016/04/06/gradle-power-android-product-flavours-and-configuration/